draft-ietf-savi-framework-05.txt This document is a high level framework for SAVI and references a number of other documents. As such, I think, that the Security Considerations section is probably of adequate depth. However, there are a number of wording problems, both clarity and grammar, that I believe should be fixed, particularly in the Security Consideration section (Section 10) where there is one sentence I really didn't understand. See below. Also, as an Information document, it cannot have Normative References and all such should be reclassified as Informative. In the first sentence of the last paragraph of Section 3.1, it is a bit hard to tell that "single" is supposed to modify "method" rather ant "IP Address". I suggest replacing "each single IP address configuration method" with "each single method for IP address configuration individually". Unless, of course, I am more confused by this document than I think and "single" was supposed to modify "IP Address". Section 3.2, first bullet, suggest adding a reference to RFC 5342. Section 7, second setence has problems. Suggest replacing with "This document suggests 3 prefix configuration mechanisms for SAVI devices:". Section 7, first bullet, the acronym SLACC is used without definition or reference. Since it is only used twice, both instances being in this bullet, I suggest it bet spelled out in full. Section 7, first bullet item, what does "feasible" mean? Should "a feasible" by reaplced with "an allowed"? Section 7, second bullet item, the acronym RA is used without definition or reference. Since it is only used twice, both instances being in this bullet, I suggest it bet spelled out in full. Section 7, third bullet item, the acronym DHCP-PD is used without defintion or reference. Since it is only used twice, both instances being in this bullet, I suggest it bet spelled out in full (not "DHCP", just "PD"). Section 7, last sentence: the word "present" seems to be used in the sense of displaying to someone. How and to whom is this presentation? Section 10: I was a bit befuddled by the sentence "Besides, the binding may not accord with the address management requirement, which can be more specified for each client." The word "client" is used nowhere else in this document. What does this sentence mean and to what does "client" refer? Smaller Nits: People will probably figure it out but the first occurrence of Source Address Validation Improvement in the Introduction (and Abstract) should be followed by "(SAVI)". In the first sentence of Section 3.1, I would replace "traces" with "monitors" or "snoops". (The word "snoop" is used elsewhere in the document.) Section 5, third bullet, "in hosts to communicate" -> "in hosts communicating". Section 6, first paragraph, last sentence, "in mix scenario" -> "in this mixed scenario". Section 6, second paragraph, last three sentences have problems. Suggest "Current address assignment method standards documents have implied a prioritized relationship in general cases. However, in some scenarios, the default prioritizing may not be suitable. Configurable prioritization levels should be supported in a SAVI solution for the mixed scenario." Section 7, next to last sentence/paragraph, "is" -> "are" and insert "the" after "implies". Section 10, last sentence, suggest replacing with "Cryptographically based authentication is the only way to meet a requirement for strong security of IP addresses." Thanks, Donald =============================  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)  155 Beaver Street, Milford, MA 01757 USA  d3e3e3 at gmail.com