I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The security considerations section does a reasonable job of describing threats against the protocol. It also seems that RFC 4609 might be relevant; if it is, it should be referenced.

In several cases the security considerations section suggests using source authentication to mitigate problems. The document does list IPSec AH as a way to achieve this; however, this is not a mandatory-to-implement mechanism. In addition, this document points to RFC 4601 for direction on how to use IPSec. RFC 4601 just specifies manual keying without any specific parameters. This leaves the pim-bidr draft (and RFC 4601) without a specified mandatory-to-implement interoperable security mechanism. This issue was discussed previously during the last call of RFC 4601. I would like to understand better why IPSec AH does not have a stronger requirement and why no automated key management is specified.

Thanks,

Joe