I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document is informational and covers the experiences of the General Area Review Team. The Security Considerations of the draft are sufficient.

The following three comments:

1. Minor editorial in section 4.3 Form of Review => maybe replace the word "stole" with "derived" or any other word.

   "Rather than invent new guidelines, the Gen-ART requirements for the form of a review stole liberally from"
   /
   "Rather than invent new guidelines, the Gen-ART requirements for the form of a review derived liberally from"

2. Section 12: is it beneficial to list all current members of the Gen-ART per name in the draft?

   - First, are there any privacy issues with that?
   - When adding or removing people from the team, the list in the I-D might become outdated and give false information on the current status.

   Would it be more appropriate/easier to update the draft to reference the current list of reviewers (e.g. on a tools web page) instead of listing them in the I-D?

3. Section 10 Security Considerations: is ok so far.

   On a personal comment/addition: But maybe worth considering is that availability and integrity of sent reviews is also important: I noticed that recently some emails to mail-aliases did not get delivered to the respective lists and therefore reviews and/or answers to reviews might not be received by the individuals on these lists. Unfortunately this happens in some random fashion (for the same sender email and ietf tools aliases within a short time frame, sometimes it happens, sometimes it doesn't), without a timely warning (but usually with a failure message 3-5 days after the email message has been posted).

   First investigations may suggest that this could be due to some spam filter or mail server configuration issues, however other reasons might also apply. This can obviously impair the quality of the public review process if individual comments and reviews will not be delivered.

Kind regards,
Tobias