I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This is an update to RFC5996 (IKEv2). From the document, it makes the following changes:

   Fixed section 3.6 and 3.10 as specified in the RFC5996 errata 2707 and 3036.

   Removed Raw RSA Public keys. There is new work ongoing to replace that with more generic format for generic raw public keys.

   Added reference to the RFC6989 when using non Sophie-Germain Diffie-Hellman groups, or when reusing Diffie-Hellman Exponentials.

   Added reference to the RFC4945 in the Identification Payloads section.

   Added IANA Considerations section note about removing the Raw RSA Key, and removed the old contents which was already done during RFC5996 processing. Added note that IANA should update IKEv2 registry to point to this document instead of RFC5996.

   Clarified that the intended status of this document is Internet Standard both in abstract and Introduction section.

   Added name Last Substruc for the Proposal and Transform Substructure header for the 0 (last) or 2/3 (more) field.

Based on the well known and well respected collection of authors, I think it is safe to conclude that ample consideration has been given to all things security in this one. I see nothing in the above list that makes me think otherwise.

--Scott