Security review of TLS Extension for DANE Client Identity draft-ietf-dance-tls-clientid-07

Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

The document defines an extension to TLS that allows a client to send its DNS identity to the server as part of the connection setup. The server can find the associated certificate or raw public key for that exact identity. In TLS 1.3, the identity is encrypted.

The document is written clearly and explains a useful extension for extending the security and efficiency of TLS, especially that of TLS 1.3.

Hilarie
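The server-side step the review describes (take the client's DNS identity, fetch the matching DANE record, and check the client's certificate or raw public key against it) as an added illustration; this is not code from the draft or the review. It implements the TLSA selector and matching-type rules of RFC 6698 (selector 0 = full certificate, 1 = SubjectPublicKeyInfo; matching type 0 = exact, 1 = SHA-256, 2 = SHA-512) with only the standard library. The in-memory ZONE dictionary stands in for DNS and is keyed directly by the client identity; how the draft maps an identity to a TLSA owner name is not reproduced here and the key format is an assumption. The Ed25519 key bytes are constructed sample data, not a real key.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    """One TLSA RR: usage, selector, matching type, association data (RFC 6698)."""
    usage: int
    selector: int
    matching_type: int
    data: bytes


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse presentation format such as '3 1 1 <hex>' (hex may contain spaces)."""
    usage, selector, mtype, hexdata = presentation.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(mtype),
                      bytes.fromhex(hexdata.replace(" ", "")))


def selected_bytes(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """Selector 0 covers the whole certificate, selector 1 only the SPKI (raw public key)."""
    if record.selector == 0:
        return cert_der
    if record.selector == 1:
        return spki_der
    raise ValueError(f"unknown TLSA selector {record.selector}")


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Apply the matching type and compare in constant time."""
    selected = selected_bytes(record, cert_der, spki_der)
    if record.matching_type == 0:
        candidate = selected
    elif record.matching_type == 1:
        candidate = hashlib.sha256(selected).digest()
    elif record.matching_type == 2:
        candidate = hashlib.sha512(selected).digest()
    else:
        raise ValueError(f"unknown TLSA matching type {record.matching_type}")
    return hmac.compare_digest(candidate, record.data)


# Constructed sample: a DER SubjectPublicKeyInfo for Ed25519 (OID 1.3.101.112)
# wrapping 32 made-up key bytes. Not a real key.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))

# Constructed stand-in for DNS. Keyed by client identity (an assumption; the
# draft's actual owner-name construction is not reproduced here). The record is
# DANE-EE (usage 3), SPKI selector, SHA-256 matching type.
ZONE = {
    "device1.example.com": [
        parse_tlsa("3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()),
    ],
}


def authenticate_client(identity: str, cert_der: bytes, spki_der: bytes,
                        zone=ZONE) -> bool:
    """Look up the identity the client sent and check its key against DANE-EE records.

    Only usage 3 (DANE-EE) is accepted: it binds the end-entity key directly and is
    the usage that makes sense for a raw public key that has no chain behind it.
    Unknown selectors or matching types are treated as non-matching, not as errors.
    """
    records = zone.get(identity.rstrip(".").lower(), [])
    for record in records:
        if record.usage != 3:
            continue
        try:
            if tlsa_matches(record, cert_der, spki_der):
                return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    print(authenticate_client("device1.example.com", b"", SAMPLE_SPKI))
```

With a raw public key there is no certificate, so the check passes `b""` as the certificate bytes and relies on selector 1; a selector 0 record would then never match, which is the correct outcome rather than a crash. A real server would query `TLSA` records with DNSSEC validation instead of reading a dictionary.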