I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at . Document: draft-ietf-core-object-security-08 Reviewer: Joel Halpern Review Date: 2018-02-21 IETF LC End Date: 2018-03-02 IESG Telechat date: 2018-03-08 Summary: This document is ready for publication as a Proposed Standard RFC Major issues: N/A Minor issues: In section 8.2 on verifying the request, step 5 says to "compose" the Additional Authentication Data. I would have expected it to be "verify" the Additional Authentication Data. I could imagine that the verification consists of composing what it should be, and then comparing with what is received. But I do not see the comparison step. is it implicit in some other step? This occurs again in 8.4, so I presume I am simply missing something. This may suggest some clarification could be useful. Nits/editorial comments: N/A