I have a few comments on draft-ietf-smime-small-subgroup-02.txt.
1. Section 1.2, 3rd paragraph: Please explain "r<<q". This is the only
use of the "<<" symbol.
2. Section 2.2, 2nd paragraph: Please explain that any protocol event that
allows the attacker to conclude that decryption was successful is also
relevant. Such events include replies and returning signed receipts.
3. Section 2.2, 3rd paragraph: Please remove the extra space after "party".
4. Section 4, 4th paragraph: Any integrity protection for the public keys
(not just signatures), will thwart the attack. Please expand the text to
cover any integrity mechanism.
5. Section 7: Please update the [CMS], [MSG], and [x942] references to
point to the RFCs.