I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the  security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document specifies the "leaptofrogans" URI scheme. Its security
considerations section provides a discussion of common URI risks and how
they apply to the frogans URIs. I do wonder a bit about the statement that
"[the] risk of confusion i[due to the true address being hidden in the link
text visible to the user] is mitigated because Frogans Player must always
display the real Frogans address contained in the URI" - does this
necessarily also apply to "inbound" direction cases - i.e., when a regular
browser displays a link which allows the user to launch a frogans site?

(Unrelated, the "leaptofrogans" name seems long. The scheme part of URIs is
typically the name of a protocol or similar. In the frogans case, "fsdl"
comes to mind as iI understand it to be the language used to create frogans
sites (I do not know what protocol is used to commuicate with such sites).)
Thanks,
-- Magnus