Do not be alarmed.  I generated this review of this document as part
of the security directorate's ongoing effort to review all IETF
documents being processed by the IESG.  These comments were written
with the intent of improving security requirements and considerations
in IETF drafts.  Comments not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs
should treat these comments just like any other last call comments.

The document has a lot of information about Post Quantum Cryptography
--- why it is necessary for long-term security, the many
considerations to keep in mind when deciding to use PQC, the security
properties of various algorithms for signing, hashing, and exchanging
keys.

From the introduction to the document:
"... detailing the impact of CRQCs on existing systems and the challenges
involved in transitioning to post-quantum algorithms"
"... this shift may require significant protocol redesign due to the
   unique properties of post-quantum algorithms."

The authors make a valiant effort to unravel the PQC ball of yarn,
and they have a great deal of information to share.  I think it
would be good to have a document like this, but I'm skeptical about
this draft being the right thing.

The minor problems with the document aggregate around introducing
terminology or specific references before defining them.  There is a
warning about possible quick advances in quantum computing that might
sharply increase the number of logical qubits, but the dependence of
successful QC on logical qubits is not explained.  There's some
hyperbole that is not based on published data, and other similar
things.  The first half of the document might be text from multiple
authors that was edited together.  Although it reads smoothly, the
logic of it is "jumpy".  I started marking problem areas, but that
distracted me from reading the whole thing, so I abandoned the details
and read it through for content.

The larger problem is that there is a great deal of information
and a lot of admonishments and warnings about considering this and
that, but there's very little clear guidance.  Or there is far too
much guidance.

At one point the document mentions that it may take decades to
transition to PQC.  But their methodology for evaluating need for PQC
may indicate the some organizations should transition immediately.
How can they do that if everything is as complicated as the document
indicates?

I don't know if very many people will be helped by reading this
document.  Most will probably throw up their hands and say "there's
no hope."  I think the guidance needs to be more consistent, simpler
(less "branchy"), and more focused on solutions.  If it is the case
that anyone involved in the PQC transition needs to know everything
this document, then I can understand why it might take decades
to get to the PQ world.

Hilarie