Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments. IMHO, the document is  ready.  Just a minor comment: it is said in the Security Considerations section that: «an iteration count of 4096 takes around 0.5 seconds on current mobile handsets.» It may be useful to give an idea of the features of a representative «current mobile handset». It can simplify comparisons in a few years from now as things are evolving quite rapidly in this domain. Cheers,   Vincent Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail