I have reviewed this document as part of the security directorate's  ongoing effort to review all IETF documents being processed by the  IESG.  These comments were written primarily for the benefit of the  security area directors.  Document editors and WG chairs should treat  these comments just like any other last call comments. This paper concerns the Layered Coding Transport building block.  LCT provides support for massively scalable protocols using the IP multicast network service. LCT supports sessions consisting or multiple channels, all with the same sender, but many different receivers.  This makes it compatible with many massively scalable congestion control protocols that use this structure. When we are dealing with massively scalable congestion control protocols, the question of denial of service naturally comes to mind.  Thus the security considerations section rightly mainly concerns itself with that.  However, it left me with several questions. 1.  The introduction says that "Protocol Instantiations that use the LCT building block MUST address the security requirements described in the following sections."   But there are no MUSTs or MUST NOTs in the following sections.  Indeed,sections 8.1 and 8.2 don't contain any recommendations at all; they simply identify vulnerabilities (which could, however, be addressed by authentication).  I would suggest either toning down the introduction ("MUST address the potential vulnerabilities" instead of "MUST address the requirements") or beef up the specific sections. 2.  The sections themselves have a kind of piecemeal feel about them, addressing specific potential attacks, but without giving a feeling that everything that is covered.  It might be a better idea to describe what services security mechanisms could provide (e.g. authentication, confidentiality) describe the various each service offered by LCT and its vulnerabilities, and then what security services would address.  I suspect, given the vulnerabilities that the authors have already described, it would mostly boil down to identifying which LCT data should or must be authenticated. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email:  catherine.meadows at nrl.navy.mil