I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This internet-draft describes a protocol for querying reputation data via HTTP. The first part of the protocol retrieves a template that will subsequently be used as the basis for a URI, which in turn is used to retrieve the reputation information.

The security considerations section does exist and acknowledges that the base protocol for retrieving URIs is insecure as well as the retrieval of reputation data. The section refers to the URI template and well-known URI RFCs for further discussions of template exchange security issues and makes an informative reference to the repute considerations draft for the reputation retrieval. However, none of the referenced RFCs and draft directly talk about the various attacks and how to mitigate against said attacks. I would suggest a direct reference if such a document exists.

General comments:

None.

Editorial comments:

s/comprise the/comprise of the/
s/explicitly support support/explicitly support/
s/until finds one/until the client finds one/

Shawn.