I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at . Document: draft-ietf-lamps-rfc6844bis-06 Reviewer: Peter Yee Review Date: 2019-05-15 IETF LC End Date: 2019-05-08 IESG Telechat date: Not scheduled for a telechat Summary: Ready with Issues. This draft is an update to RFC 6844 dealing with the CAA RR used to notify CAs as to which CA(s) are allowed to issue certificates for a particular domain. The issues and nits I note are rather minor. Apologies for the lateness of this review. Major issues: Minor issues: Page 10, 2nd paragraph: the appearance of "sub.wild.example.com" presupposes that there was no other RRset that matched sub.wild.example.com (or a "deeper" domain name) already. That assumption should be noted in this paragraph. Page 13, section 5.6: a little context should be given here. This abuse is only plausible if the domain owner is being given the RRset data by the CA rather than generating that data itself. Nits/editorial comments: Page 5, 1st partial paragraph: change "with" to "within". Page 5, 1st full paragraph: regarding the reference to Section 4, shouldn't this actually be Section 3? Page 8, definition of "Value", 2nd sentence: delete redundant "the". Page 15, 1st partial paragraph, 1st partial sentence: change "use" to "used". Page 15, section 7, 2nd paragraph: is there a reference available for the term "WebPKI"? Page 15, section 7, 3rd paragraph, 1st sentence: insert "the" before "issue".