Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with Nits.

Overall, the document is readable and understandable. The nit that I found is that the document says that the implementation of the Increment field is "advisory" (bottom of page 3) even thought this is a Standards Track document. I believe that the authors are trying to say that implementation and deployment will take some time and that not all intermediaries will be provisioned immediately. If that is the case, the authors may want to consider something like the following:

>>> It is expected that there will be a transition period while implementations of the 
>>> Incremental header field are being deployed in intermediate devices. During that 
>>> transition period, an intermediate that cannot interpret the Incremental header 
>>> field MUST ignore it. While this is not optimal, that operation has expected 
>>> outcomes. However, an intermediate that can interpret the Incremental header field 
>>> MUST honor it as described within this specification.

It may also be good to reference the Security Considerations of [HTTP] and provide the advice that implementors of Incremental be familiar with that.

Best regards,
Chris