I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-tcpm-tcpsecure-11.txt
Reviewer: Brian Carpenter
Review Date: 2009-04-11
IETF LC End Date: 2009-04-16
IESG Telechat date: (if known)

Summary: Ready (minor comments)
--------

Comments:
---------

This draft is clear and well explained.

There's a reference in the Acknowledgements to some interoperability testing, which I was glad to see since this is a change to some very basic host behaviour. There are also some references to experience in the shepherd's writeup. I wonder whether it might not be useful for this rather special case to file an interop report, even though that is not required for PS?

Editorial issues:
-----------------

   6. Suggested Mitigation strengths

   As described in the above sections, recommendation levels for RST, SYN and DATA are tagged as SHOULD, SHOULD and MAY respectively. The reason that DATA mitigation is tagged as MAY, even though it increased the TCP robustness in general is because, the DATA injection is perceived to be more difficult (twice less unlikely) when compared to RST and SYN counterparts.

Surely that should be "(twice as unlikely)"? "less unlikely" seems to be the opposite of "more difficult".

There is at least one occurrence of "it's" where the word intended is "its".

== The document seems to lack a disclaimer for pre-RFC5378 work, but was first submitted before 10 November 2008. Should you add the disclaimer?

== Unused Reference: 'RFC3562' is defined on line 774, but no explicit reference was found in the text