Reviewer: Derek Atkins Review result: Has Nits Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: * With Nits Details: * Section 2: Unencrypted transport headers provide information can support network operations and management I think this is missing a "that" -- "..provide information that can.." * Section 3.2: For example, [I-D.ietf-quic-transport] specifies a way for a QUIC endpoint to optionally set the spin-bit to reflect to explicitly reveal the RTT of an encrypted transport session to the on-path I think "to reflect to explicitly reveal" is incorrect; it should be either "to reflect" or "to explicitly reveal"... Or add a conjunction: "to reflect AND to explicitly reveal" (emphasis mine). * In section 4, Greasing: A protocol can intentionally vary the value, format, and/or presence of observable transport header fields [RFC8701]. This This suggestion has a negative security impact in that it could leave room for a hidden communication channel. A bad actor could intentionally vary those bits by inserting data they wish to exfiltrate. -derek -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call