This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information. When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@ietf.org if you reply to or forward this review. From a transport perspective, this appears ready. The key transport-related concern is the use of a separate TCP port for "tacacss" than for insecure TACACS+ connections, but this is well justified in Section 5.3 of the draft and seems entirely appropriate. I am not a TLS expert, so did not review the security-related content of the draft. Regards, Colin