I already reviewed the previous version of this draft. I like its practical approach of implementations and the cost of various algorithms, and I think that the data in the draft will be useful when discussing security approaches for small devices. I am happy to see the feedback on privacy issues was taken into account. The document now states clearly that "long-term static identities makes it easy to track the devices (and their owners) when they move... (or) across ownership changes." I have just one small nit. I like the recommendation "to generate new identities at appropriate times during their lifecycle. For example, after a factory reset or an ownership handover." I wish that it would be somehow listed as one of the bullets in section 9, "Summary".