I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-quic-bit-grease-03
Reviewer: Russ Housley
Review Date: 2022-05-19
IETF LC End Date: 2022-06-01
IESG Telechat date: Unknown


Summary: Has Issues


Major Concerns: None


Minor Concerns:

Section 3 says:

   Advertising the grease_quic_bit transport parameter indicates that
   packets sent to this endpoint MAY set a value of 0 for the QUIC Bit.

This does not align with the definition of MAY in RFC 2119.
I suggest:

   Advertising the grease_quic_bit transport parameter indicates that
   packets sent to this endpoint will be accepted with a value of 0 for
   the QUIC Bit.
   
Section 3 also says:

   A client MAY forget the value.

This might align with the definition of MAY in RFC 2119.

   The client can either remember or forget, as the implementer chooses?

Section 3.1 says:

   A server cannot remember that a client
   negotiated the extension in a previous connection and clear the QUIC
   Bit based on that information.

and

   An endpoint cannot clear the QUIC Bit without knowing whether the
   peer supports the extension. 

s/cannot/MUST NOT/ (both places)