I have reviewed this as part of the SECDIR effort to review all documents. I believe it is ready with nits.

I am concerned that this document doesn't adequately address the consequences of malicious insertion of overload reports. While I am not an expert on Diameter (and in particular what kinds of authentication are used), merely noting that a malicious report can have negative consequences is not enough. Mechanisms should be defined to prevent this, such as authenticating all connections and ensuring that reports only apply to the nodes that send them. The fact that Diameter connections are authenticated may or may not be enough.

Sincerely,
Watson Ladd