I have reviewed draft-ietf-6man-ipv6-address-generation-privacy-07 as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.   Short Summary This document discusses how other existing IIDs generating mechanism mitigate four types of threats against IEEE-identifier-based IIDs. It is well written. I believe the document is ready for publication and there are no operational or management concerns in a document. I have a few minor comments that are likely to be trivial.   1.      Section 4.1 "    As [RFC4941] explains,         "[t]he  use of a non-changing interface identifier to form       addresses is a specific instance of the more general case where a       constant identifier is reused over an extended period of time and       in multiple independent activities. " s/[t]he/The 2.      Run idnits too, it produces "   Checking references for intended status: Informational   ----------------------------------------------------------------------------     -- Duplicate reference: RFC3972, mentioned in 'CGA-IPR', was also mentioned      in 'RFC3972'.     -- Obsolete informational reference (is this intentional?): RFC 1971      (Obsoleted by RFC 2462)     -- Obsolete informational reference (is this intentional?): RFC 1972      (Obsoleted by RFC 2464)     -- Obsolete informational reference (is this intentional?): RFC 3041      (Obsoleted by RFC 4941)     -- Obsolete informational reference (is this intentional?): RFC 3484      (Obsoleted by RFC 6724)   " I am wondering whether referencing all of these obsolete informational reference is intentional? Why not just use replacing RFC? E.g., RFC3041   -Qin