Dear all,

I have read this document as part of the SECDIR effort to read all IDs proceeding to the IESG. These comments should be treated like any other in last call.

A summary of my review is Ready with nits.

The sole substantive comment I have is that the selection of just Elliptic Curve keys in Section 4.1 is probably too broad and too narrow at the same time. Too broad in that there are many potential noninteroperable or not widely implemented curves, too narrow in that emerging PQ signatures will need a document update to be used. It may be worth rethinking mandating this choice here.

Section 4.1 could also use a bit of editing: the server configures a private key, then this public key is used.

Editorially I think there were a few times I wrinkled my brow when reading due to forward referencing, but I think the document is short enough this is fine, and at this stage in the game such a big change as to reorder with the data up front, and then how the servers get set up to serve it is probably not worth it.

Sincerely,
Watson Ladd