I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I didn't find anything objectionable from a security point-of-view in this I-D.

DOTS is a protocol for reporting denial of service attacks to someone closer to the source than you are in hopes they can block such attacks before they have wasted more network bandwidth. The agent reporting the DoS is the DOTS client and the agent receiving the report is the DOTS server. The DOTS protocol is described in other documents.

There is a special case where a DOTS server is running in a "home" network where it is capable of initiating connections but not receiving incoming ones because of NAT or firewall. This document defines a variation of the DOTS protocol for such scenarios where the DOTS server initiates the connection to the DOTS client in order to receive notifications of DoS traffic originating inside the firewalled network. Since authentication uses client and server certificates with TLS or DTLS, little needs to be changed to support this role reversal.

Found one typo:

Section 5.3.2: depictes -> depicts