Reviewer: Joseph Salowey Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is the document is Ready The document describes the integration of Acme with various enrollment protocols. For the most part it seems straight forward. I have one question, bot EST and TEAP allow the option for the client to bind the PKCS#10 message to the TLS tunnel by inserting the TLS unique into the message challenge password field. The draft makes no mention of this facility, should it? I we expect that the default expectation would be this would be included unless there was a reason not to. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call