I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes what is essentially a 'send original, not cached' flag for LDAP. The only security issue I can see here is that the following does not give the purpose very clearly:

4. Security Considerations

This control is intended to be provided where providing service using copied information might lead to unexpected application behavior. Designers of directory applications should consider where it is appropriate for clients to provide this control. Designers should consider whether use of copied information, in particular security and policy information, may result in insecure behavior.

I would suggest the following instead:

4. Security Considerations

This control is intended to be provided where providing service using copied information might lead to unexpected application behavior.

Use of the Don't Use Copy control may permit an attacker to perform or amplify a Denial of Service attack by causing additional server resources to be employed.

LDAP is frequently used for storage and distribution of security sensitive information, including access control and security policy information. Failure to use the Don't Use Copy control may thus permit an attacker to gain unauthorized access by allowing reliance on stale data.

The meaning is unchanged, but the additional context might help the reader.

-- 
Website: http://hallambaker.com/
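The two considerations the review proposes (DoS amplification when the control is used, reliance on stale security data when it is not) can be made concrete with a small model. The following is an added example written for this page; it is not the draft's text, the reviewer's code, or any LDAP server's implementation. The control OID 1.3.6.1.1.22 and the rule that its criticality is TRUE with no control value are taken from RFC 6171; the in-memory directory, the group and user DNs, and the choice to answer unwillingToPerform (resultCode 53) when no original is reachable are constructed assumptions for the example.

```python
"""Toy model of the LDAP "Don't Use Copy" control and its two security effects.

Added example for this page, not code from the draft or from any LDAP server.
Assumptions: OID 1.3.6.1.1.22 (RFC 6171); directory contents are constructed;
answering unwillingToPerform when the original is unreachable is this model's
choice, so check the final specification text before relying on it.
"""

DONT_USE_COPY_OID = "1.3.6.1.1.22"   # RFC 6171: criticality TRUE, no control value
SUCCESS = 0                          # LDAP resultCode values (RFC 4511)
UNWILLING_TO_PERFORM = 53


# --- BER encoding of the control as it appears on the wire ------------------

def ber_len(n):
    """BER definite-form length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    """Tag, length, value for a single-byte tag."""
    return bytes([tag]) + ber_len(len(content)) + content


def encode_control(oid, criticality=True, value=None):
    """Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN DEFAULT FALSE,
    controlValue OCTET STRING OPTIONAL }  -- DER omits a FALSE criticality."""
    body = ber_tlv(0x04, oid.encode("ascii"))
    if criticality:
        body += ber_tlv(0x01, b"\xff")
    if value is not None:
        body += ber_tlv(0x04, value)
    return ber_tlv(0x30, body)


def encode_controls(controls):
    """Controls ::= [0] SEQUENCE OF Control, carried in the LDAPMessage."""
    return ber_tlv(0xA0, b"".join(controls))


# --- Toy server holding an authoritative store and a cheaper copy ------------

class ToyDirectory:
    """originals: authoritative entries (costly to consult);
    copies: replicated or cached entries that may lag behind the originals."""

    def __init__(self, originals, copies):
        self.originals = originals
        self.copies = copies
        self.origin_lookups = 0   # the extra server resources the DoS point is about

    def search(self, dn, controls=()):
        """Return (resultCode, entry); `controls` is a list of (oid, criticality)."""
        dont_use_copy = any(oid == DONT_USE_COPY_OID for oid, _crit in controls)
        if not dont_use_copy and dn in self.copies:
            return SUCCESS, self.copies[dn]          # served from copied information
        self.origin_lookups += 1
        if dn in self.originals:
            return SUCCESS, self.originals[dn]
        # Control present but no original reachable: refuse rather than fall back
        # to a copy (assumed result code, see the module docstring).
        return UNWILLING_TO_PERFORM, None


GROUP_DN = "cn=admins,ou=groups,dc=example,dc=com"
ALICE = "uid=alice,ou=people,dc=example,dc=com"
MALLORY = "uid=mallory,ou=people,dc=example,dc=com"

# Constructed data: the copy predates the removal of uid=mallory from the group.
ORIGINALS = {GROUP_DN: {"member": {ALICE}}}
COPIES = {GROUP_DN: {"member": {ALICE, MALLORY}}}


def is_admin(directory, user_dn, use_control):
    """Access decision that relies on group membership read from the directory."""
    controls = [(DONT_USE_COPY_OID, True)] if use_control else []
    code, entry = directory.search(GROUP_DN, controls)
    if code != SUCCESS:
        return False                  # fail closed when the original is unavailable
    return user_dn in entry["member"]


def stale_copy_decision(user_dn=MALLORY):
    """(decision without the control, decision with it) for a removed member."""
    d = ToyDirectory(ORIGINALS, COPIES)
    return is_admin(d, user_dn, False), is_admin(d, user_dn, True)


def origin_load(n_requests, use_control):
    """Authoritative lookups caused by n identical searches: the amplification point."""
    d = ToyDirectory(ORIGINALS, COPIES)
    ctl = [(DONT_USE_COPY_OID, True)] if use_control else []
    for _ in range(n_requests):
        d.search(GROUP_DN, ctl)
    return d.origin_lookups


if __name__ == "__main__":
    print("wire form:", encode_controls([encode_control(DONT_USE_COPY_OID)]).hex())
    print("mallory admin? (copy, original):", stale_copy_decision())
    print("origin lookups for 100 searches:", origin_load(100, False), origin_load(100, True))
```

`stale_copy_decision()` shows the second consideration: the same access check grants Mallory admin rights from the copy and denies them from the original. `origin_load()` shows the first: every request carrying the control reaches the authoritative store, so a client that attaches it to a flood of searches defeats whatever the copy was protecting. The wire encoding is the part a server implementer would compare against a packet capture.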