[I have reviewed this document as part of the Operational directorate's ongoing  effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the operational area directors.  Document editors and WG chairs should  treat these comments just like any other last call comments] The purpose of 2870bis itself, as stated up front in the introduction, is to separate operational requirements from protocol and deployment requirements. The operational requirements now reference a document  [ RSSAC-001 ]  outside of this SDO. This document has protocol requirements and some deployment requirements: I have no OAM-related concerns on the stated deployment requirements. Many of the security considerations in the original RFC2870 are themselves related to operational considerations and they are hopefully (re)captured fully in  [ RSSAC-001 ]. A lthough security considerations on respective DNS protocols are captured in respective RFCs; operational security considerations are critical to the security of the DNS (and, hence, the internet) infrastructure. Thanks, -mani