I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and others should treat these comments just like any other late last call comments. The document is well-written although it uses a lot of jargon without defining it first. For example: An increasing number of enterprises, over-the- top voice-over-IP (VoIP) providers VoIP I understand. What is over-the-top? Since the target audience is IETF people who are more well-versed in telephony jargon than I am, this is probably fine. What I didn't like about this is the introduction in section 1. It reads like a marketing document rather than a technical one. For example: The challenges of utilizing telephone numbers (TNs) on the Internet have been known for some time. It's only challenging if I want to use a TN on the Internet. Why do I want to do that? Thanks to the increasing sophistication of consumer mobile devices as Internet endpoints as well as telephones, users now associate TNs with many Internet applications other than telephony. So because my phone is so sophisticated and has IP, I now associate phone numbers with Internet applications? Why? The Security Considerations section is fine, but I think this is one draft that should have privacy considerations either as a separate section or as a paragraph in the Security Considerations section. It should be called out that the administrative data often contains PII - real names and addresses of users and the usage of phone numbers as identifiers on the Internet allows for mapping these real names and addresses to transactions on the Internet. I think this deserves a mention