Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I found some editorial glitches and the use of "temporal" when "temporary" was intended, but someone else can catch those.

Reference K11 is now RFC 6467. That means the Notify message type and the GSPM payload type have now been assigned (16424 and 49 respectively) and can be inserted into the document where it currently says "TBD".

The request to IANA names the wrong registry. The correct name is "IKEv2 Secure Password Methods" registry, established by RFC 6467.

The relationship between this document and RFC 6467 is odd. In the ordinary course of events this document would have a normative dependency on RFC 6467. It is obvious that the latter was written after the present document, and avoidance of the dependency was deliberate on both sides. Still, the authors of this document might reconsider, even though RFC 6467 would be a down-reference since it is Informational.

Tina