Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Overall, the document looks pretty good.

I'd recommend taking another look at the Security Considerations section. It is sufficient and contains everything that I think needs to be said. However, it may be a bit more clear if you separate the security concerns of the protocol, from the security concerns of credential management and policy. As I see it, the first and last paragraphs are concerned with credentials and policy while the middle paragraphs have statements about the actual protocol.

As a nit, I would suggest defining PoP at some point. While it's pretty obvious, I just like the traditional use of defining it before it's used. :-)

Best regards,
Chris