Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. -- Since the security section has not really been updated since version 14, the comments I made at that time are still valid. Basically: The security section of this document only refers to the security section of 4 related documents. This is all the more annoying as draft-ietf-dime-erp introduces new mechanisms (and potentially new threats and issues). What should I understand? Is the proposal guaranteed to be secure, have all the potential weaknesses been already addressed in the 4 related documents? I can not conclude after reading the security section. One more point. In introduction, the authors say: " Security considerations for this key distribution are detailed in Salowey, et al. [RFC5295]." This reference is not mentioned in the Security Section! Cheers, Vincent