Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft proposes a performance monitoring technique that marks packets in a block with the same "color". It describes ways to use this coloring to monitor packet loss, jitter, and other performance characteristics of a flow. The security considerations are well done and seem complete (with the exception of a nit, see below).

The summary of the review is Ready with nits. Those nits are:

- Section 3.1 describes two different ways to identify packets in a block that it wishes to color, but then says one of them (using a timer instead of a fixed number) is REQUIRED to be used. That seems odd. Why discuss an alternative that is not allowed? It's not clear whether this should be an MTI and not an MTU, but if it's an MTI then just state that; if it's an MTU then get rid of the technique that one is not allowed to use.

- Section 5 discusses clock synchronization and says that the variable A is the clock accuracy in an equation to determine a guard band. But A is also the color given to a particular block, which seems confusing. Suggest a different variable name, C or T or something.

- Section 7.1, discussing requirements for a controlled domain, ends with a sentence that belongs in the security considerations of section 10, with a reference back to 7.1.

regards,
Dan

-- 
"The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius