Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Note: I noticed that there is also a version 07, and i have looked at that. My comments pertain to both versions. IPv6 allows for specifying ‘atomic fragments’, where the packet is not really fragmented but the ‘fragmented’ header is to indicate that on the path there are network elements in the path that have an MTU size below the mandatory minimum of 1280 for IPv6 (for example IPv4/IPv6 translators). According to draft-ietf-6man-deprecate-atomfrag-generation-06 this introduces security risks, and has no benefits, and therefore proposes to remove atomic fragments from IPv6. I am not at all an IPv6 expert, so my comments may not be valid and feel free to ignore them. But I can’t help thinking that much of the motivation for removal of this feature is in the fact that implementations misbehave. I find that a weak argument. Not being an expert, I can not judge well whether removing the feature is harmless, but I would be very cautious with removing extension headers for that reason.  Fragmentation in itself is an attack vector, but I don’t understand why that is more of a problem with atomic fragments, apart from the aforementioned implementation errors. Apart from that, I see no glaring security issues, so if there is broad consensus in the WG that this is the right thing to do, I consider the document ready. Klaas    --  Klaas Wierenga Identity Architect Cisco Cloud Services