I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document is Almost Ready, but its publication as an RFC may or may not be the right way to address the problem it is targeted at.

Can one of the authors cite a specific reference to the problem that this draft is trying to address? A written example of where this "false notion" exists?

If the sole purpose of this document is to state a normative prohibition on one aspect of RPKI as described in the informational RFC 6480, would a better approach not be to normatively specify RPKI via a 6480bis on standards track? It feels weird to create a single normative prohibition for a specification that is otherwise classified as informational, but perhaps there is sufficient precedent for this.

My one nit suggestion would be to make some of the language a little less casual, starting with the abstract.