Last Call Review of draft-ietf-tram-stun-pmtud-09
review-ietf-tram-stun-pmtud-09-secdir-lc-wallace-2018-09-12-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This document describes a Session Traversal Utilities for NAT (STUN) usage
for Path MTU Discovery (PMTUD) between a client and a server.

A few comments (bearing in mind I am not versed in STUN specs):

- It may be worth highlighting the requirement for authentication when
providing an overview of the Complete Probing mechanism in section 2.
- In section 4, replace "Simple Probing mechanism does not require
authentication" with "Simple Probing mechanism does not require
authentication except where used as an implicit signaling mechanism".
- Complete Probing and some uses of Simple Probing require authentication.
Are there any authentication mechanisms that must be supported?
- The second paragraph of the introduction and first paragraph of section
5 open the use of the spec to non-STUN-based protocols may not square with
all of the MUSTs in the document, some of which require STUN (like section
4.1.x). 
- Why is 5780 marked as informative? Attributes from it are required.