The document is aimed for stds track: This document describes a means of negotiating the use of the encrypt-then-MAC security mechanism in place of TLS'/DTLS' existing MAC-then-encrypt one, which has been the subject of a number of security vulnerabilities over a period of many years. I do not see any issues regarding operational or network management aspects. Documents seems ready for publication from my point of view. Bert Wijnen