I have been assigned to review this document as part of the ops directorate. This document describes conventions for using the HSS/LMS with CMS. Overall, this document is well-written, and I appreciate the considerations around signing size and computation in the introduction. This will help operators properly evaluate the use of this algorithm. I did find a few small nits. One thing that struck me on the first read is that you have to get to the Introduction before HSS/LMS are expanded whereas CMS is expanded in the abstract. Might I suggest you expand HSS and LMS in the abstract as well? Other nits: Abstract: s/for using the the HSS/LMS/for using the HSS/LMS/ === Section 2.3: s/When this object identifier is used for a HSS/LMS/When this object identifier is used for an HSS/LMS/ === Section 6: s/cause an one-time key/cause a one-time key/ s/When generating a LMS key pair/When generating an LMS key pair/