Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I have the following COMMENTS: 1. Overall, the document does not discuss I18N. Is it required that the mailto contains US ASCII only when it is encoded in DNS? This is unclear to me. 2. Section 4, what is the security implication if the same number is used to identify different URIs. In other words, what prevents the choice of numbers from collisions and what happens when there is a collision. "Number squatting" does not seem to be mitigated by DNS SEC as mentioned in the document. This is just not clear to me but I am not an expert here. 3. I agree with the comments that adding some description of potential use cases would help when the PROTO write-up mentions there is no implementation interest. For one thing, security considerations typically would make more sense in the context of use cases. Best regards, --larry _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf