2.2.4 PA-PK-AS-REP

The PA-PK-AS-REP message format is specified in [RFC4556] section 3.2.3.<12> The returned ticket does not include the AD-INITIAL-VERIFIED-CAS type in the authorization data. The content of the SignedData field in the content of EnvelopedData is encoded, as specified in [RFC2315] section 7, not as specified in [RFC3852]. Therefore, the data is not wrapped in OCTET STRING; rather, it is wrapped in an ANY DEFINED BY content specific type, as specified in [RFC2315] section 7.