I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. EDITORIAL COMMENTS Section 1.2.2 says: Management trust anchors are used in the management of cryptographic modules. For example, the TAMP messages specified in this document are validated to a management trust anchor. Likewise, a signed firmware package as specified in [RFC4108] is validated to a management trust anchor. This might be better put as Management trust anchors are used in the management of cryptographic modules. For example, the TAMP messages specified in this document are validated by a management trust anchor. Likewise, a signed firmware package as specified in [RFC4108] is validated by a management trust anchor. In Section 1.3.4, s/The application-specific protocol processing MUST be provided the/The application-specific protocol processing MUST provide the/ Section 3, paragraph 3 says "Certificates include a signature, which removes the ability for relying parties to". Just a question: should "relying" in the sentence actually be "relaying"? In any case, "ability for" should probably be changed to "ability of". Suggestion: Section 4.4 says in two places "The status codes appear in the same order as the TrustAnchorUpdate structures to which they apply"; maybe "The status codes MUST appear in the same order as the TrustAnchorUpdate structures to which they apply" would be clearer. In Section 7, s/if the signer is not representated/if the signer is not represented/. The Security Considerations section is remarkably clear and comprehensive.