I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors and document authors.

I think this document is ready with issues.

The document describes a password to key function, scrypt, based on memory hard functions to make it more expensive and difficult to develop specialized hardware to obtain the password from a recovered key. I'd like to see this document published. A few issues are listed below.

First, I think Paul Kyzivat's GenArt review, http://mailarchive.ietf.org/arch/msg/gen-art/fToZiioHo-6x5ZRQWNcTr-aUYVk , raised some points that could help the readability of the document.

Second, the scrypt algorithm has several parameters, but the document has very little discussion on how to choose those parameters or what they affect (this is also pointed out in Paul's message). It would be good to have some discussion or guidance for parameter selection in the security considerations.

Cheers,
Joe