I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. EDITORIAL COMMENTS Section 3., last paragraph: s/&UTF8SMTPbis;/UTF8SMTPbis/ Section 3.1, last paragraph: I've pretty much given up complaining about the abominable practice of using pointers as if they were real objects (e.g., "See [RFC5198] for a discussion...") but the use of a pointer to a document as a noun ("normalization form [NFC] SHOULD be used" is much too much: both confusing (Is there a document describing the NFKC normalization form? Sure, it's [NFC]!) and too precious by far. STRONGLY suggest changing the text to read See RFC 5198 [RFC5198] for a discussion of Unicode normalization; normalization form NFC [UNF] SHOULD be used. Actually, if one is going to do internationalization properly, one of the most often-cited goals is to permit people to spell their names correctly. Since many mailbox local parts reflect personal names, that principle applies to mailboxes as well. The NFKC [UNF] normalization form SHOULD NOT be used because it may lose information that is needed to correctly spell some names in some unusual circumstances.