I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is that the document is ready with nits.

Section 3.4 requires ("MUST") digestAlgorithm from SignerInfo to match the digest algorithm used by the Composite ML-DSA. I believe it is worth spelling out that violation of this MUST result in rejection of the CMS object. Perhaps it is worth adding this to security considerations.

Further potential improvements to security considerations could include DoS considerations. ML-DSA (and its composites) have bigger signatures and its sign operation is generally more CPU-intensive compared to most classical algorithms. Implementers must take that into consideration.