Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.



Overall, I found no problems with the document.  It is well written and 


very explanatory.  The following notes and suggestions are editorial.






It would be nice to reference the security considerations of RFCs 1034 and 


1035 just to say that this specification doesn't add any new 


considerations, however those documents don't have any security 


considerations sections.  Would the authors then consider something like 


the following (which would be the first paragraph in Section 8):



   This document is a clarification of a mechanism outlined in RFCs 1034
   and 1035 and as such does not add any new security considerations.  The
   security considerations relevent to the deployment of this
   specification are noted in RFC 4033.



In my first reading of the document, I was unfamiliar with the term "mbz". 


I'd suggest expanding the acronym in one place.




Thanks,
Chris