Reviewer: Niklas Widell Review result: Ready I have reviewed  draft-ietf-lamps-lightweight-cmp-profile from IoT point of view, as part of IoT directorate document reviews. The long and comprehensive document specifies a CMP profile for use in industrial/machine-to-machine deployments. I am not a Certificate management expert so I cannot judge on detailed level how well the profile fulfils what it sets out to do, but document appears to be a well-written, thorough and detailed work. I did not identify any other IoT related issues with the document other than the minor one below. The document is ready for publication. Minor issue: - (more of a question really) The draft notes that it can be used for (constrained) IoT devices, and I don't see anything directly countering that (e.g., there is mapping to CoAP, optionality is reduced etc). However, without implementation insights it is hard to say if the profile actually results in lightweight implementation - are there any results to show that that is the case? E.g., are any of the mandatory EE side operations known to be cumbersome from compute perspective, or are the similar existing 3gpp & UNISIG profiles reasonably lean in size? Nits: - (editorial) section 4: the CMP message names (ip/cp/etc) are not described until section four, but used before that. Given the otherwise good background material it would be good to have the reference moved earlier. - Why, if CMP message names are well known and commonly used, are they only used for CoAP paths and not for HTTP ones? (e.g., why does CoAP have "ir" and HTTP "initiatlization" for the same operation (enroll EE to new PKI))