My apologies. I don't know that a review this late is useful but I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. This document specifies the use of AES and ECC in CBC-MAC Mode (CCM) for TLS 1.2. Further, it uses Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) to establish keys. The document is pretty short and to the point. The Security Considerations section just mentions the benefit of "perfect forward secrecy", the burden that the counter in AES-CCM never be reused, and how that burden is met. I believe that, overall, the document adequately covers needed security considerations when one also takes into account material outside of the Security Considerations section. Question: There are a number of SHOULDs in this draft with no indication of when you might not do what is specified. For example "The client SHOULD offer the elliptic_curves extension" If the specified crypto depends on ECC, what happens if the client doesn't do that? Trivia: In standards track documents, I prefer to use "specifies" rather than "describes", for example in the abstract and introduction. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3 at gmail.com