I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines the use of Constrained Application Protocol (CoAP) as a transport for the Certificate Management Protocol (CMP).

Nits:

1. I believe that the security considerations from RFC 6712 should be either echoed in this document (where applicable), or at least be referenced.

2. I think that Section 3 (Using CoAP over DTLS) should be moved to the Security Considerations section, or be referenced from there.

3. Section 5. I think that the sentence "The CoAP is vulnerable due to the connectionless characteristics of UDP itself." should either be expanded to state what particular vulnerabilities are meant (because not all CoAP vulnerabilities are concerned with using UDP) or deleted.