Dear all,

Happy New Year 2016!

I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

** Technical **

* Section 8:

You refer to IPSECKEY RR [RFC4025] to note some of the possible threats for HIP RRs. I think you should spell these out, and discuss them explicitly.

** Editorial **

* Section 3, page 4:

> In the following, we assume that the Initiator first queries for HIP
> resource records at the Responder FQDN.

s/at/for/

* Section 3, page 4:

> and further queries for the same owner name SHOULD NOT be
> made.

What's an "owner name"? Maybe this should be "domain name", instead?

* Section 3, page 5:

> Note that storing HIP RR information in the DNS at an FQDN that is
> assigned to a non-HIP node might have ill effects on its reachability
> by HIP nodes.

s/a/an/

* Section 4.2, page 9:

> The RVS
> information may be copied and aligned across multiple RRs, or may be
> different for each one; a host MUST check that the RVS used is
> associated with the HI being used, when multiple choices are
> present."

There's no matching quote sign for this one.

Thank you,
Tina