I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-radext-radiusdtls-bis-15
Reviewer: Russ Housley
Review Date: 2026-02-25
IETF LC End Date: 2026-02-23
IESG Telechat date: 2026-03-05

Summary: Has Issues


Major Concerns: None


Minor Concerns:

Section 3.2: The "must" in the second sentence seems to be a consequence
of the "MUST" in the first sentence.  I suggest rewording to avoid
implementers wondering whether this ought to be upper case.  Perhaps
the second sentece could start with: "as a result, all data ...".

Section 3.3.1: The term "configured trust base" is not defined. I
suggest that this term be avoided altogether. I understand changes to
the set of configured trust anchors, but fresh CRLs are issued all the
time.  These two should probably not be talked about in the same bullet
since a fresh CRL does not impact every certification path that might be
active at a RADIUIS server.

Section 3.4: The second paragraphe ends with "determined as follows."  I
was expecting this to end with a colon, and then there to be a list of
bullets or some numbered items.


Nits: None