I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready. MAC address randomization has become a common method to enhance privacy of a user device. This document describes the affects of MAC address randomization on higher-level network services, in particular how MAC address randomization can negatively affect the operation of those network services. It provides an assessment of those risks, and presents some use cases for a reader to consider. This document is well-written, and I believe fairly presents the privacy issues in scope. I just have one comment and point out a couple of nits. 1. Except for the first sentence, the last paragraph in Section 2 seems to only be pertinent to the "Personal Device" class. Perhaps this could be made more clear. 2. Nit: Section 6.1 s/Soilict// 3. Nit: Section 6.2 s/operators.Table/operators. Table/