I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the  security
area directors.  Document editors and WG chairs should treat  these
comments just like any other last call comments.

The summary of the review is Ready with nits.

Thanks for addressing almost all of the comments from my previous 
review, the changes in the document look good. I had one comment before 
(also, below) that I didn't see addressed (sorry if I missed it). Since 
I really don't know what the numbers should be, it's just a nit.

Section 7 says "the key size used should be at least 128 bit with 
"sha256" for <scheme> and at least 80 bit with "sha1" for <scheme>." 
Those key sizes seem rather low to me, but I don't know exactly what 
they should be.

-- 
Freelance cyber security consultant, software developer, and more
https://david.mandelberg.org/