John:
I would prefer to see Section 6.3, paragraph 1, as follows:
The content-encryption key for the desired content-encryption
algorithm is randomly generated. The data to be protected
is padded as described below, then the padded data is encrypted
using the content-encryption key. The encryption operation maps an
arbitrary string of octets (the data) to another string of octets
(the ciphertext) under control of a content-encryption key. The
encrypted data is included in the envelopedData encryptedContentInfo
encryptedContent OCTET STRING.
Done.
I recall the addition of the sentence we just removed. It was added to
avoid confusion about which octets are encrypted. I guess that the
sentence did not add clarity.
Russ