Hello,

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Has Nits

Thank you for the clarification of the Security Considerations section.
I just have a minor comment and a typo.

- It is said (section 6):
  "The CMD SHOULD use a pacing approach to limit
   this amplification risk."
I agree, but where do you intend to apply pacing? In the incoming queue (i.e., by delaying some PBU/PBA
messages) or in the outgoing queue (i.e., to limit output traffic), or both? It's a bit unclear.

- Typo: remove one "exist" in sentence: "there may exist multiple previous (e.g., k) MAARs exist."

Regards,    Vincent