I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Looking at the extensive, and well structured, security considerations suggests to me that the general scope of attacks is well documented.

Several options are provided in Section 7.2.2, and in particular file vs. packet-level protection seems not to be wholly described. (It seems to be suggested in other sections that both are needed.)

I also note that the document appears to advise that MIME types can be deduced from the filename. Such deduction has been known to be susceptible to damage, and I would further note that in the case of many URIs, there is a provided type already available by (possibly partial) resolution of the URI. In general, it's better to discard and replace file extensions based on the known media type to avoid the "foo.jpg.pif" cases.

Dave.
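As an added illustration of the last point in the review (it is not part of the review, nor of the document under review): a receiver that trusts the filename's extension sees "pif" on "foo.jpg.pif" (or "jpg", if it scans for any known extension), whereas a receiver that takes the media type from the Content-Type already obtained by resolving the URI, throws away every extension the sender supplied, and appends its own canonical extension is not fooled. The allowlist of media types and the function names are assumptions made for this example.

```python
import posixpath
import re

# Constructed allowlist: the only media types this receiver stores, each mapped
# to the single extension it will ever write. Anything else is rejected.
# (An assumption of this example; a real application has its own list.)
CANONICAL_EXT = {
    "image/jpeg": ".jpg",
    "image/png": ".png",
    "application/pdf": ".pdf",
    "text/plain": ".txt",
}

_UNSAFE_STEM_CHARS = re.compile(r"[^A-Za-z0-9_-]")


def type_from_filename(name):
    """The approach the review warns against: read the type off the last
    extension of an attacker-supplied name. 'foo.jpg.pif' yields 'pif'
    (a Windows program-information file); a consumer that instead looks
    for any *known* extension in the name would settle on 'jpg'."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def media_type_from_header(content_type):
    """Use what resolving the URI already told us: the Content-Type header,
    minus parameters such as '; charset=utf-8', lower-cased."""
    return content_type.split(";", 1)[0].strip().lower()


def safe_filename(suggested, content_type):
    """Name to store the object under: a sanitised stem of the suggested
    name with *every* extension it carried discarded, plus the canonical
    extension for the declared media type. Raises ValueError for media
    types outside the allowlist rather than guessing."""
    media_type = media_type_from_header(content_type)
    try:
        ext = CANONICAL_EXT[media_type]
    except KeyError:
        raise ValueError(f"media type not allowed: {media_type!r}") from None

    # Drop any directory components, POSIX or Windows style.
    base = posixpath.basename(suggested.replace("\\", "/"))
    # Everything from the first dot onward is extension noise: 'foo.jpg.pif'
    # and 'foo.pif' both reduce to the stem 'foo'.
    stem = base.split(".", 1)[0]
    stem = _UNSAFE_STEM_CHARS.sub("_", stem)[:64] or "file"
    return stem + ext


if __name__ == "__main__":
    # Constructed sample: a download whose resolved Content-Type is image/jpeg
    # but whose suggested filename carries a trailing executable extension.
    name, ctype = "foo.jpg.pif", "image/jpeg"
    print("filename says:", type_from_filename(name))   # pif
    print("stored as:    ", safe_filename(name, ctype))  # foo.jpg
```

The stem is kept only as a convenience for the user; nothing about the object's handling depends on it. The decision of how the object is treated is made on the declared media type, and names that arrive with path separators, double extensions or a leading dot all end up as a plain stem plus the one extension the receiver chose.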