I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments. Top level: this is a core security document and requires detailed review by the security area ADs. Given the time constraints and the fact that this is a document describing security options for an experimental protocol, I have not considered the attacks or possible solutions in detail yet.  One general point is that the security model should explain what is considered to be a security failure with a little more precision. Since this is a transport layer protocol that does transport, end-to-end confidentiality and integrity protections are more properly considered in an above transport/below application layer protocol such as TLS.  The attacks that would be very damaging to multipath are attacks that disrupt the channel in ways that the end-to-end component can't recover from.  Some nits: General, HMAC is frequently used where MAC is the correct term of art. HMAC is one construction of a MAC based on a hash function. This is quite likely not the optimum technique for a protocol at this layer where AES acceleration hardware is usually available and SHA-2/3 hardware is not. Moreover the MAC approaches are much more efficient even in software as they can be streamed. Section 1: o Off-path attacker. This is an attacker that does not need to be located in any of the paths of the MPTCP session at any point in time during the lifetime of the MPTCP session. This means that the Off-path attacker cannot eavesdrop any of the packets of the MPTCP session. Having singled out the type of attacks that can't be made, the attacks that can should be mentioned as well. Or better still, state that the attacks are limited to active attacks. Since the attack classification is referenced in the attacker classification, better to describe the attacks first.