Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document provides a new way for RPKI Relying Parties to download RPKI objects. As mentioned in the Security Considerations, those objects are already cryptographically signed. The RRDP protocol provides some additional security to the download process, with no changes to the security properties of the RPKI objects themselves.

I think this document is Ready with nits.

3.3.2: It seems strange to me that you use MUST when talking about the timing/performance of the repository server. Is this relevant to security? Or is there another reason for a MUST?

3.4.2: I think "update its last processed serial number to the serial number of this snapshot file" should say "delta file" instead.

3.4.5: I'd recommend changing "in case of network issues" to "in case of network issues, or temporary failures of the repository server(s) or caching infrastructure".

3.5.1.2: I think the last paragraph might make it harder for the server to recover from a temporary overload, since it can't tell clients to wait longer than 1 minute before re-fetching. It seems to me that letting the clients get a few minutes out of date until the server operator can provision more capacity is better than accidentally DoSing the server.

3.5.4: Why is serial not an xsd:positiveInteger? Section 3.3.1 says that serials start at 1.

--
David Eric Mandelberg / dseomn
http://david.mandelberg.org/