I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes a distributed index system to be used by the Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or Map Resolver (MR) to find the Egress Tunnel Router (ETR) which holds the mapping information for a particular Endpoint Identifier (EID). The ITR or MR can then query the ETR to get the information it needs. This index, or Alternate Logical Topology, is built as an overlay network on the Internet using the Border Gateway Protocol (BGP) and the Generic Routing Encapsulation (GRE).

Since LISP+ALT relies on BGP, the authors correctly point out that it shares many of the security characteristics of BGP. They should be commended, however, for not merely pointing to the BGP document, but also addressing any new vulnerabilities that could arise from using LISP+ALT. These are mainly potential denial-of-service attacks, for which suggested countermeasures are included. Another is the possibility that EID-prefixes would be more vulnerable to leakage since they will be more widely propagated out to the global network. The authors point out that addressing this problem requires more strict prefix filtering and authentication on the global routing system. The authors also discuss, in a final paragraph (10.3), the potential use of emerging BGP security mechanisms that would provide this authentication.

All in all, I think this is a very thorough and well-thought-out discussion of the security considerations. My only suggestion would be to include a forward reference to paragraph 10.3 in the discussion of prefix leakage.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil