I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. Document editors and WG chairs should treat these comments just
like any other last call comments.

The summary of the review is: Ready with nits.

This document specifies conventions for using RSA-KEM as a standalone
KEM and using it with the Cryptographic Message Syntax (CMS).

I believe the document is sound and complete but found two trivial
typos as below. The document did seem a bit dense and terse in some
parts.

Trivia:

Note duplicated phrase in the 2nd sentence of this paragraph:
   The RSA-KEM Algorithm provides a fixed-length ciphertext.  The
   recipient MUST check that the received byte string is the expected
   length and the expected length and corresponds to an integer in the
   expected range prior to attempting decryption with their RSA private
   key as described in Steps 1 and 2 of Appendix A.2.

Appendix A: Inconsistent capitalization: SS, ss


I did not check Appendices B through D.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 2386 Panoramic Circle, Apopka, FL 32703 USA
 d3e3e3@gmail.com