I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.   Summary: This document specifies a way for a client to signal its digital    signature and hash algorithm knowledge to a cache or server.  The intent is for it to be used by cache or server administrators to track evolving algorithm support.      Detail: The draft seems straightforward and is just a method for clients to notify the server of supported algorithms.  The only other attack I can think of, that is not mentioned, would be a denial of service.  You may want to add this to the security considerations and any notes on how it can be prevented (connections or logs).   Best regards, Kathleen