I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes requirements on management solutions for name servers.

I find this document easy to read and well organized, but have the following security-related suggestions and questions:

- Section 3.2.2: When developing requirements for a new management solution, why not require support for DNSSEC?

- Section 4.4: "Fine-grained" is not defined. I believe a management solution for name servers always should provide an authorization solution, and would suggest you change the initial sentence of this requirement to say: "The solution MUST be capable of providing an authorization model for any management protocols it introduces to the completed system."

- Section 6 (Security Considerations): The first sentence is essentially a tautology: "Any management protocol that meets the criteria discussed in this document needs to support the criteria discussed in Section 4 [in this document] ..." I suggest striking this sentence as those criteria already are mandated anyway. Alternatively, re-formulate to something like: "Any management protocol for which conformance to this document is claimed needs to fully support the criteria discussed in Section 4 ..."

-- Magnus