Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready My only comment was that the text above may need some clarification. """This separation of layers can improve security and usability of ACME validation.""" More specifically, it was unclear to me if the improvement concerns the presented challenge versus the other ones (DNS or HTTP) or something else. Yours, Daniel