I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: No security issues This document specifies a syntax only and therefore has no security considerations. The security considerations section points to the RFC8300 for security considerations of the protocol in which these messages are used. General comments: I found no nits with the document. Section 3 of the document repeats information from RFC8300 but in less detail. I assume that's to set context and is non-normative. It omits important details like processing of the "U" fields. Neither document says what to do on format violations (e.g., Length=0). I would have expected Section 4 to say what to do with format violations. For example, if the Length is not the value the spec says it has to be, should the length be ignored, or the extension be ignored, or the entire packet be discarded. What if the sum of the lengths of the extensions exceeds the length (in four octet groups) specified in the outer header? This is common in specifications and does not lead to problems until someone tries to extend the protocol later and discovers divergent behavior in implementations. (Sadly, that's often true even if the specification does define correct behavior because implementations often don't follow the specifications, but you have to start somewhere).