This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information.

When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@ietf.org if you reply to or forward this review.

Summary: I think this document is almost ready for publication, but it will be better to check the following minor points.

1: Page 48

   We don't need to support header length for TCP while supporting total length for UDP?
   I am wondering if we want to support TCP option type here.

2: Page 50:

      list total-length {
        key "start end";
        leaf start {
          type uint32;
          description
            "Start udp total length for a range match.";
        }
        leaf end {
          type uint32;
          must '. >= ../start' {
            error-message
              "The end hop limit MUST be equal or greater than the start hop limit.";
          }
          description
            "End udp total length for a range match.";
        }

   -> is this error message correct?

3: Page 51

      leaf-list verification-tag {
        type uint32;
        description
          "The security policy rule according to udp total length.";
        reference
          "RFC 4960: Stream Control Transmission Protocol - Verification Tag";
      }

   -> Is this description correct?
   -> In my understanding, verification tag would be random values. I am wondering how we utilize it.

4: Page 52

   We don't need packet type for DCCP while supporting chunk types for SCTP?

5: Page 70

      5060 5061

   -> should be "5061" ?

6: Page 72

      80 80 443 443

   -> should be "" instead of "" ?

--
Yoshi