I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the IESG. 


 These comments were written primarily for the benefit of the security 


area directors.  Document editors and WG chairs should treat these 


comments just like any other last call comments.




Summary: not sure, see below



I am agreeing with RAI ADs that it is not exactly clear what is the 


value in publishing this document. I am also very curious to see some 


design that can satisfy all of these requirements (which are frequently 


contradictive).






Having said that, I liked the introduction (problem statement) part of 


the document.






Security considerations seem to be covered, but as per above, I have 


hard time figuring out if a system that satisfy them is actually 


feasible. In particular I am interested in knowing how devices can 


satisfy the following requirements:




Support suitable security bootstrapping mechanisms

Self-configuration capability

Self-management - Self-healing

Recovery


in presence of hostile agents on a network of constraint devices.