I have reviewed this document as part of the security directorate's ongoing

effort to review all IETF documents being processed by the IESG.  These

comments were written primarily for the benefit of the security area

directors.  Document editors and WG chairs should treat these comments just

like any other last call comments.

This is a clarifications document describing the changes to RFC3515 that

were implied by the publication of RFC6665. The document is fairly opaque to

readers not familiar with those two RFCs (including me), but its claim that

it does not change the security considerations for RFC3515 beyond those

already stated in RFC6665 seem highly plausible. It's a little surprising

that the contentof this document wasn't folded into RFC6665, but assuming

that document was adequately reviewed, this one should be fine.

Radia