Hi,

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This is a relatively simple specification that updates RFC 7296, extending the range of types of public keys supported by IKEv2. It is clear, well written and has a couple of examples that help with understanding the need and applicability. It is ready for publication from an Operational and Manageability point of view, and an RFC 5706 full review would not apply.

There are no special manageability or operational concerns. There is however an operational impact that is mentioned only indirectly in Section 4 (Security Considerations) and which would have deserved maybe some text. To be deployed, the new raw public keys need to be either preconfigured, or configured through a configuration interface, or secure DNS should be used. In any case there is an increased level of operational complexity involved in the deployment, and this could have been explicitly mentioned.

I hope this helps,

Regards,

Dan