Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This is a re-review as I initially reviewed version -35. I noted there that this is a very long document and I was only able to review certain sections of that document. The subsequent revisions have not shortened this document any. Rather than attempt a new review, I checked the diffs from the version that I had previously reviewed up to this version. Again, I find the document to be very comprehensive and well written. I can find no apparent security issues with this document. Best regards, Chris