I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I have reviewed the document several times during its lifecycle and I think it is ready for publication. I believe the security considerations discuss the ways the discovery could be attacked and provide some means to mitigate them. The procedures in this document would benefit from a standardized way to identify the access network domain identity from the network authentication, but it does not seem to be there yet.