I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is a replacement document for RFC4582.

The document is well written and is ready to be published with a Nit. I did not look for textual nits; I only evaluated the document from a security perspective.

Authentication and message integrity are recommended but outsourced to TLS and DTLS.

Nit: The security section does address the issues of pervasive monitoring. It does not provide any information on what an observer may learn by sniffing traffic at the BFCP server, i.e. other than discovering participants' IP addresses, possibly their identities depending on how authentication is done, as well as their roles and actions?

Olafur