Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is "Ready with nits". This draft defines two new capability identifier URNs for use in the RESTCONF protocol and also some new behavioral requirements on servers implementing it. My nit is on that last bit. In sections 3.2.1 and 3.2.2 present the new query parameters and say that they are "optional to support" and then go on saying what behavior is needed if it is supported. I think those need to be changed to be RFC 2119 words, either SHOULD or MAY depending on the reasons that might exist for not implementing them (basically conform to what the words mean in RFC 2119). Other than that, the draft is pretty simple and straightforward. The security considerations are basically a punt but given the nature of this draft that's probably fine. regards, Dan.