I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Does this mechanism introduce new points for a DoS attack, e.g. forging the ICMPv6 error message (type 1, code 5) mentioned in Section 5.1? I would like to see a list and discussion of these or, if appropriate, an analysis showing that none exist.

It's probably worth explaining this 2119 RECOMMENDation in more detail:

   Unless an lwB4 is being allocated a full IPv4 address, it is RECOMMENDED that PSIDs containing the well-known ports (0-1023) are not allocated to lwB4s.

I would like to see a discussion of provisioning mechanism security. Are there security-related factors that should drive the choice of provisioning mechanism (the doc mentions several options...)? Are there configuration choices that should or must be made when using one of those for this purpose?

Non-security stuff:

I'm not seeing any explicit discussion of whether (and how) a lwB4 can request additional port space after the initial assignment. If that feature does not exist, I would like to see it explicitly acknowledged as a limitation with a discussion of why it is not being provided.

Again, assuming that there is not such a mechanism: since this is the architecture document, I would like to see a few words on expected port assignment/utilization ratios. Assuming a typical case of a residential subscriber, it seems that lw4o6 would need to assign enough ports to each user to accommodate expected peak usage. This pretty clearly results in fewer users accommodated on a public v4 address than if they were sharing the port space on demand. How much v4 space does lw4o6 consume in this environment compared to DS-Lite?

Editorial stuff:

The next-to-last paragraph of section 1 doesn't seem to flow well with the text around it, perhaps for lack of clarity in pronoun antecedents:

   This document is an extended case, which covers address sharing for [RFC7040]. It is also a variant of A+P called Binding Table Mode (see Section 4.4 of [RFC6346]).

And I think something is broken in the below sentence:

   The solution specified in this document allows the assignment of either a full or a shared IPv4 address requesting CPEs.