I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.   The draft draft-ietf-tsvwg-iana-ports-09 consolidates the procedures scattered over several RFC for the assignment of service names and ports for transport protocols.  It establishes definitions and specifications where they were previously missing (like syntax for service names).  It provides a single reference for assignment procedures going forward and establishes procedures for port/name de-assignment, reuse, revocation, etc., and a description of the required and optional fields that must be provided in any request.   I did NOT review the referenced documents and did not therefore consider differences between this procedure and previously employed procedures.   There is a required format for communication of a request to the IANA, I presume by email.  I did not see any mention of the email address to which the request should be sent (RFC5226 also doesn’t seem to mention it).   The procedure requires that the same previous Assignee (or Contact) make any subsequent request about a port/name assignment, where the email address is provided in the request.  Security question: how does the IANA know that it is communicating with the same Assignee/Contact?  There’s no recommendation for security of that communication.   In the IANA section there is a paragraph:        IANA is instructed to create a new service name entry in the service    name and port number registry [PORTREG] for any entry in the    "Protocol and Service Names" registry [PROTSERVREG] that does not    already have one assigned.   Are there no guidelines for creating the new service name?    --Sandy Murphy