I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits. I have a few questions 
below about the security of this document, but each area I have a 
question about seems to be mostly copied from an established RFC rather 
than new to this draft.

Sections 4 and 5.2: Are you relying on MD5 for any security properties? 
Can anything bad happen if an attacker finds a collision?

Section 5.1: When calculating H, are the boundaries between each 
concatenated thing clear? E.g., would V_C = "1.21" V_S = "0.1" and V_C = 
"1.2" V_S = "10.1" result in the same value for H?

Section 5.1: I assume H or mic_token is used elsewhere to thwart an 
active MITM? From what I see here, everything hashed into H other than K 
is public, so an active MITM could generate different H values for 
different K values for the two sides.

-- 
https://david.mandelberg.org/