Overall, it is a fine document. I have two comments.
1. The Abstract says:
... This version (-03) updates the ASN.1 syntax to
align with ANS X9.44 and ISO/IEC 18033-2.
I suggest the following replacement text:
... The ASN.1 syntax is aligned with ANS X9.44
and ISO/IEC 18033-2.
2. Section 2.1 says:
An implementation SHOULD also support KDF2 and KDF3 based on SHA-256
(see [FIPS-180-2]), the Triple-DES Key Wrap (see [3DES-WRAP]) and the
Camillia key wrap algorithm (see [Camillia]).
I agree with SHOULD support the use of SHA-256 in the KDF. But, I do
not like the rest of this structure. i would rather say something
like: "If 3DES is supported as a a content-encryption cipher, then
the Triple-DES Key Wrap (see [3DES-WRAP]) SHOULD be supported." I
support a similar statement for Camillia.
Russ