I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This documents adds Origin attribute to the STUN that can be used in similar ways as the HTTP header field of the same name. The specified use cases include logging, analytincs and to provide additional information to the server in addition to the authentication mechanisms used. The draft notices that it can be set by attacker to any way, and can be modified in transit, and that it can also have privacy implications, so it should be protected using TLS or DTLS when needed. I think this draft is Ready. -- kivinen at iki.fi