I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document re-defines the multipart/report MIME Media Type, previously published in RFC 3462. It does not substantially change the definition of that MIME type. The documented security considerations identical the RFC, and considers one risk: the use of report types without authentication, which provides DoS opportunities resulting from any entity forging reports. The section mentions that signatures could prevent forgeries, but signatures are outside the scope of the document. This seems like a reasonable statement. This section might also benefit from mentioning that entities exchanging the reports could authenticate their messages when passed from application to application (e.g., Mail User Agent to Mail Transfer Agent) to limit the opportunities of a man-in-the-middle from spoofing reports on behalf of authorized applications. However, this too would be out of scope of this document. Other than possibly adding a statement as suggested above, I see no further changes concerns. Brian