Reviewer: Valery Smyslov Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document defines the use of Constrained Application Protocol (CoAP) as a transport for the Certificate Management Protocol (CMP). Nits: 1. I believe that the security considerations from RFC 6712 should be either echoed in this document (where applicable), or at least be referenced. 2. I think that Section 3 (Using CoAP over DTLS) should be moved to the Security Considerations section, or be referenced from there. 3. Section 5. I think that the sentence The CoAP is vulnerable due to the connectionless characteristics of UDP itself. should either be expanded of what particular vulnerabilities are meant (because not all CoAP vulnerabilities are concerned with using UDP) or deleted. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call