I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at . Document: draft-ietf-lamps-nf-eku-02 Reviewer: Elwyn Davies Review Date: 2023-09-10 IETF LC End Date: 2023-09-08 IESG Telechat date: 2023-09-21 Summary: Ready with a number of nits. Major issues: None Minor issues: None Nits/editorial comments: Abstract and s1: It would be useful to provide a reference to 3GPP document TS 23.501 with a pointer to Section 6 which defines what the Network Functions are both at the end of the Abstract and in the first para of s1. s1, 1st bullet: Should '5GC Service Based Architecture' be '5G Core Service Based Architecture'? s1, 2nd bullet: I suggest s/is JSON Web Tokens and is/uses JSON Web Tokens which are/ s1. para 6 after bullets: This starts > [RFC5280] specifies several extended key purpose identifiers (EKU), > defined via KeyPurposeIds, for X.509 certificates. Using the abbreviation EKU at this point is premature (it is defined in para 8) and IMO confusing. I suggest: > [RFC5280] specifies several key usage extensions, > defined via KeyPurposeIds, for X.509 certificates. Key usage extensions added to a certificate are > meant to express intent as to the purpose of the named usage, for humans and for complying libraries. s1, para 7: s/a NF who generates/a NF which generates/ [It's a function not a person.] s1, para 8: s/However, there is currently no KeyPurposeIds/However, there are currently no KeyPurposeIds/ s3, para 2: s/EKU extention/EKU extension/, s/require the keyUsage extension/require the KeyUsage extension/ s4, para after bullet 3 and s5: The abbreviation KU on its own has not been defined and is not used elsewhere: s/KU/KeyUsage/ (two places) s7: s/ The inclusion of EKU/The inclusion of the EKU/ s8, para 1: s/This OID/These OIDs/ s8: You could add references linking to the two registries referred to in this section.