First, apologies for the dramatically late review. I hope this is still useful. I think there are two issues worth considering: 1. The DEX scheme seems to create a potential for DoS based on storage whereas I think prevously only DoS vectors related to traffic were documented in the IAOM drafts. That's based on a quick scan though so I may have missed it being considered. 2. I see no mention at all of privacy in this draft nor in draft-ietf-ippm-ioam-data - I don't understand why that's ok given that privacy leaks from the kind of metadata collected here can be subtle? Or maybe that's in some other draft?