I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is Ready with issues.

I think this protocol change increases the amount of data that a CoAP server would reflect in a DoS attack using spoofed source IP addresses with UDP. I don't see any opportunity for amplification though, just reflection of more data sent by a malicious client. I'm very much not a DoS expert though, so I have no idea if this is an issue at all.

What happens when a client changes the (implementation-private) format of the state it puts in the tokens? E.g., what if a client sends a request, applies a software update, then receives the response? (I'm guessing that's a more likely situation with UDP, since the software update would probably interrupt a TCP session.) If an attacker can predict when the software update will happen and how the new version will interpret the old version's tokens, can they replay anything maliciously? (Assuming the replay window includes some messages from just before the software update.)
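One defensive design that addresses the token-format question raised above, as an added illustration and not code from the document under review: the client prefixes its private state with a format-version byte and appends a MAC, so a client that has been updated rejects tokens minted under a layout it no longer understands instead of misinterpreting them, and a token that was not produced by the client fails the MAC check. The key, the version numbers and the state bytes are constructed for the example.

```python
import hashlib
import hmac

FORMAT_VERSION = 2   # bump whenever the private state layout changes
MAC_LEN = 8          # truncated tag; length is an assumption for the example


def make_token(key: bytes, state: bytes, version: int = FORMAT_VERSION) -> bytes:
    """Build a token: version(1 byte) || state || HMAC-SHA256(key, version||state)[:MAC_LEN]."""
    body = bytes([version]) + state
    tag = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    return body + tag


def parse_token(key: bytes, token: bytes, accepted_versions=(FORMAT_VERSION,)):
    """Return (version, state) if the token is authentic and in a supported
    format version, else None (caller should drop the response)."""
    if len(token) < 1 + MAC_LEN:
        return None                      # too short to hold version + tag
    body, tag = token[:-MAC_LEN], token[-MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(expected, tag):
        return None                      # not minted by this client, or altered
    version = body[0]
    if version not in accepted_versions:
        return None                      # layout from a version we no longer parse
    return version, body[1:]


if __name__ == "__main__":
    key = b"constructed-example-key"     # constructed; in practice a per-device secret
    tok = make_token(key, b"\x01\x02")
    print(parse_token(key, tok))                          # (2, b'\x01\x02')
    old = make_token(key, b"\x01\x02", version=1)
    print(parse_token(key, old))                          # None: unknown layout
    print(parse_token(key, old, accepted_versions=(1, 2)))  # (1, b'\x01\x02')
```

Whether the updated client accepts the previous version's layout (`accepted_versions=(1, 2)`) or only its own is a deployment decision; either way the replay concern is confined to layouts the new version explicitly parses.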