Greetings,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  The draft defines how to use the chacha20+poly1305 AEAD mode
in TLS. chacha is a cipher mode "designed by D.J. Bernstein" and
poly1305 is an authenticator "designed by D.J. Bernstein" (as the
draft sees necessary to mention) and the two have been combined
into an AEAD mode as defined in RFC 7539. This draft just says
to use the method of AEAD incorporation that the TLS specification
(RFC 5246) defines to put this AEAD mode into (D)TLS. It asks for
7 new TLS cipher suites.

  It's very concise and I consider it "Ready". That said, I'd add
a personal nit (which doesn't rise to the level of "Ready with nits")
that it's probably not necessary to have both a TLS_PSK_WITH and a
PSK_ECDHE_PSK_WITH cipher suite and would prefer doing away with
the former.

  regards,

  Dan.