IETF Last Call Review of draft-ietf-grow-nrtm-v4-08
review-ietf-grow-nrtm-v4-08-secdir-lc-ladd-2026-03-01-00

Dear all,

I have read this document as part of the SECDIR effort to read all IDs
proceeding to the IESG. These comments should be treated like any other in last
call. A summary of my review is Ready with nits.

The sole substantive comment I have is that the selection of just Elliptic
Curve keys in Section 4.1 is probably too broad and too narrow at the same
time. To broad in that there are many potential noninteroperable or not widely
implemented curves, too narrow in that emerging PQ signatures will need a
document update to be used. It may be worth rethinking mandating this choice
here. Section 4.1 could also use a bit of editing: the server configures a
private key, then this public key is used.

Editorially I think there were a few times I wrinkled my brow when reading due
to forward referencing, but I think the document is short enough this is fine,
and at this stage in the game such a big change as to reorder with the data up
front, and then how the servers get set up to serve it is probably not worth it.

Sincerely,
Watson Ladd