1. Please use the correct MUST/SHOULD conventions.
2. Section 2, para 1: Can we change the should not to MUST NOT to be
uniform with DSA and not deal with parameters in multiple places?
3. Section 2.1, para 2 - Note this is a must not and is not consistent with
section 2 para 1 (see comment 2)
4. Section 3 step 1. Please use CEK not K for the content encryption key.
5. Section 3, step 2c: I have not looked at the EC algorithm, but I assume
that the shared secret is not actually computed using the two public keys as
it would not be very secret.
6. Section 3, step 3d: Using a KDF of SHA-1 is bad. This leaves the
encryption algorithm open for attack especially if the key sizes can change.
Please look at the use of OtherKeyInfo in RFC 2631.