I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines "value-added" octets that can cause TWAMP peers to enable some additional services, for example, multiplexing multiple TWAMP measurements into a single session. These value-added octets are inserted into the packet as padding octets, so that an unaware host will simply ignore them.

Thus, the major new risk (relative to TWAMP) is that some of the additional features require more buffering than normal TWAMP, and can thus lead to DOS if not constrained. The Security Considerations section correctly notes this risk; it would be helpful if it included a little more detail on how the DOS conditions could arise.

--Richard