Hiya, There are my own comments on the -02 version (with no hat, so take 'em same as anyone else's). These are based on -02 not fully considering other changes proposed on the list, but intended to be merged with those, as appropriate. Cheers, S. (1) abstract: a couple of tweaks, here'd be my suggestion: "This memo defines "opportunistic security" as a protocol design pattern that contrasts with the approach of specifying protocols that only offer implementers or deployers a choice between no cryptograhpic protection and protection against both passive and active attacks. Protocols following the opportunistic security pattern strive to deliver at least some protection most of the time. The primary goal is therefore broad interoperability while enhcancing security overall, in a way tailored to the capabilities of peer systems." But that's just one suggestion, please merge with other points raised. (2) Too many run-on multi-clause sentences, e.g. "Since protection against active attacks relies on authentication, which at Internet scale is not universally available, while communications traffic was sometimes strongly protected, more typically it was not protected at all." Please do a pass where you try to shorten all long sentences e.g. by splitting them up - it really makes for an easier read. (3) Call it a pattern throughout, e.g. change "Opportunistic security encourages..." to something like "Protocols using the opportunistic security pattern encourage..." (4) Yes, move the definition to the start of section 3, as recommended by most people. And define it as a pattern. (5) PFS is defined in 4949, just refer to that for any such term without re-defining. Leap-of-faith is in 4949 and is == TOFU so you just need to refer to 4949 and state they're synonyms. (6) Unauthenticated encryption is not in 4949 so you do need that but please also say that this is *not* the opposite of authenticated encryption as defined in RFC 5116 but means a case where the endpoints for encrypting and decrypting are not authenticated. (7) "...unauthenticated opportunistic security is not a substitute." is wrong I think perhaps better would be "...an outcome of OS without endpoint authentication is not a substitute." (8) I'd get rid of "umbrella" and replace that with "design pattern" (9) The -02 definition paragraph (2nd last in section 3) is still too negative (it mostly says what OS is not). I think there was better wording on the list. (10) Add something to sec. cons. saying that (as per Rene's point) if you go from a state where you have working mutual-auth+encryption to one where you use OS for those same peers then you might be making life worse. However, if you go from a state where you have mutual-auth+encryption for only a few pairs of peers to one where you succeed in the OS game for many peers, then you may have made things better. (11) Author's call, but were it me, I'd add an ack to anyone who commented usefully on saag or the LC thread.