I reviewed version 05 of this I-D in July of 2008.  The current version is 10.

My original reviewed cited only a two major concerns:



	- the previous version was ambiguous about support for 


Camella. This version clarifies this issue, making support for 


Camellia a SHOULD.






	- the pervious version called for using an algorithm ID (with 


very complex parameters) in a cert to signal when a message recipient 


requires use of RSA-KEM. The authors addressed this concern in 


Section 2.3 (and Appendix B), by stating that these parameters MUST 


be absent when this OID is used in a cert in this context.






I have corresponded with Sean and he suggested that he could provide 


more explicit words re the fact that the parameters MUST be omitted 


when the algorithm OID appears in the SubjectPublicKey field of a 


cert. I encourage Sean to include this additional text.




Steve