I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document specifies requirements for DOTS servers, clients, and the sessions setup between them. Many of the requirements are addressing security within the architecture.  When reading the requirements I became concerned with impersonation attacks, and I so I was glad to find that much of the Security Considerations section addresses the possibilities of those attacks. The only suggestion I have is to highlight the sentence  suggesting how to determine these attacks  ("To detect misuse, ....")  so that it is more prominent, for example by creating a separate paragraph. 

I believe the document is Ready to publish.