I have reviewed this document as part of the Ops area directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the Ops area directors.
Document editors and WG chairs should treat these comments just like any other last-call comments.

Summary: this document defines conventions for the use of KEM algorithms by the originator and recipients to encrypt and decrypt Cryptographic Message Syntax content. 

I think the document is written clear. However, I have some confusion in reading through the document. 

1. Section 1 says that KEM algorithm is a "Store-and-forward mechanism for transporting random keying material to a recipient". Does it mean the intermediate nodes simply forward the packets in the same way as any other IP packets?  Are there any encryption algorithms that are not Store-and-Forward? 

2. Is the "shared secret(ss)" only between the originator and the recipient? if one node needs to send KEM algorithm to multiple recipients, does it mean that the originator needs to keep multiple shared secret? 

3. Section 1.3: it states that the version number is intended to avoid ASN.1 decode errors. Is there any reference on how ASN numbers are used for avoiding ASN.1 decoding error? 

4. Section 2 states that "The originator randomly generates the content encryption key and all recipients obtain that key". How does originator distribute the "encryption key to all recipients"?  is the distribution encrypted? 

5. Section 5 last paragraph: What does "accept salt" mean? 


Nits: Section 1 first paragraph: "cryptographers have be specifying..." -> cryptographers have been specifying...