I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready with issues The Security Considerations section describes the possible implications of a malicious party sending false ICMPv6 Packet Too Big messages and reasonable ways to mitigate their impact. The section also discusses the implication of filtering valid ICMPv6 Packet Too Big messages, which is one of the limitation of this mechanism, and points to a more robust alternative. Issues ====== Issue 1 - The Security Considerations section, page 14: The first paragraph is discussing the case of malicious party stopping a victim from receiving legitimate Packet Too Big messages. The second paragraph is discussing the filtering of such packets and implies the potential implication of "black holing". It seems to me that in both of these use cases "black holing" is possible, and should be clearly stated as such. Issue 2 - Section 4, 5th paragraph: Should the term "near future" be clearly defined here? Nits ==== Page 6, first paragraph: Drop the "to" before the word "appear" Regards, Rifaat