The pkinit-nss module erroneously requires that the nonces in the request body and the pkauthenticator match. There's at least one way to embed signed data inside of enveloped data which I hadn't provided for, either.