I am the assigned ART directorate reviewer for this document. These comments were written primarily for the benefit of the ART area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

I previously reviewed -04 version of the draft. Since that version most of my points have been addressed (the point with intended document status has been re-routed to the IESG). I still have few minor issues.

1. Perhaps some text should be added about potential interoperability problems (or, as we hope, the lack of such) caused by deprecation of the mentioned key exchnage methods. If this could be backed up by some figures from real word, it would be great.

2. Section 2, last para last sentence:

   These values only apply to (D)TLS versions of 1.2 and
   below.

The text in the preceeding paras contains clarification that TLS 1.0 and TLS 1.1 have been already deprecated ("Note that TLS 1.0 and 1.1 are deprecated by [RFC8996]") and thus they are implicitly out of scope. I wonder whether this clarification should also be added here for consistency, since the draft explicitly states in the Abstract that it is only concerned with (D)TLS1.2 and not with earlier (D)TLS versions, which are already deprecated.