Reviewer: Leif Johansson Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready (with one question below) The only question I have is on this paragraph in the Security Considerations section: "In the case that a zone identifier contains the hexadecimal MAC address of a network interface, it will be revealed to the HTTP recipient and to any observer on the link. Since the MAC address will also be visible in the underlying layer 2 frame, this is not a new exposure. Nevertheless, this method of naming interfaces might be considered to be a privacy issue." Modern operating systems have the ability to randomize MAC addresses for privacy reasons. The Security considerations section doesn't mention this practice and I'm wondering if it should and in particular if the section above is impacted by this practice. Other than that I find the document well written and a good attempt to describe the various challenges in this space. Well done! -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call