I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes the SCSI layout for Parallel NFS (RFC 5663). It appears to update that RFC (see the last paragraph on page 3), although the header does not indicate this.

In section 1 the text refers to a SCSI device “signature” but does not define this term.

Section 2.1 describes the security responsibilities for clients, and notes that the Security Considerations section (4) provides an expanded discussion. The bottom line is that SCSI layout pNFS is not recommended for use in contexts where clients cannot be trusted to enforce file access controls.

I did not review later parts of Section 2.

Section 3 reiterates the fact that SCSI layout pNFS relies on clients to enforce access controls and locks at a granularity finer than a device. For example, the architecture relies on client software to not try to access blocks on a device other than those to which the metadata server has granted access.

Sections 3.1 and 3.2 provide additional descriptions of the security assumptions and limitations associated with SCSI layout pNFS.

The Security Considerations section consists of two paragraphs. The first reminds the reader that NFS security mechanisms may not be available in the SCSI layout pNFS context, because it operates at a lower layer than NFS. This mode of operation for pNFS may be insecure, or may be afforded good security, depending on the underlying access protocols. iSCSI (RFC 7143) is cited as an example of the latter.

The second paragraph reiterates the warnings that appeared earlier in the document, noting that this mode of pNFS is not suitable for all environments.

I think the discussions of security provided by this I-D are appropriate and clearly written.