Having not attended the Minneapolis meeting I must say that
I was very
surprised by your recommendation to drop OAEP as the MUST
transport mechanism with AES in favour of KEM.
This was done to death on the list a few months back. The
consensus seemed to
be that there was little support for OAEP, and a fair bit of
tying it to AES (see the list archives for the exact details
But, it there is little support for OAEP, why replace it with a newer
mechanism that has even less of an installed base? It seems to me that
there are fewer reasons for using KEM than there are for using OAEP.