Hello,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

   I found the draft somewhat hard to read. It seems kind of loose in
its terminology. For example, "A node is either the root node or one
of its descendants." Its? So a node can be its own descendant? I have
to think that should be "...or the descendant of a root node." Also,
"member values have nodes, but members and member names do not" but
members are a name/value pair so it takes a bit to parse that. A
member doesn't have a node but a component of the member does? What?

   The security considerations were good and they highlight things
that an implementer needs to pay attention to, which is important.

   The descriptive text was, for me, confusing until I got to an example
and then the confusing text made sense. Given the fact that this
document has gone through 16 revisions I want to believe that the
confusion is not shared by others who may be more familiar with the
subject matter. So as much as I initially wanted to say the draft
has issues (loose and confusing language that is highly contextual)
I will just say that it is Ready.

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius