I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the problem of enabling a large number of systems to communicate directly using IPSec and defines requirements for prospective solutions. As a problem statement, it does not introduce any new security concerns. I have no new use cases, requirements or security concerns to contribute. I had one minor nit. The use cases specifically call out a need for an authentication mechanism. The requirements do not (other than implicitly through requirement 5).