This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.


This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.

Summary: This document is almost ready for publication as a Proposed
         Standard document. I don't see critical concerns in this draft from transport view point, 
         but I believe it will be better to address the following points.


1: While each packet's chain looks self-contained within that single packet, it would be good to mention that
   the mechanism will not be affected by packet reordering or duplication.

2: Section 7.2 states "Inappropriate use of this Integrity Protection Method may overload nodes and cause service degradation or failure," 
   which implicitly acknowledges risks for Dos attacks. I think this point should be addressed.

3: The Validator looks a single point of trust and failure. I think the draft should clarify what operational controls are  
   recommended for protecting the Validator. For example, would it be beneficial to deploy multiple Validators?