Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The draft describes extensions to the pseudowire control protocol to dynamically place the segments of the multi-segment pseudowire among a set of Provider Edge (PE) routers.

The draft is relatively straightforward and clear, but from a security PoV I did take issue with the statement in the security considerations that goes:

"This document specifies only extensions to the protocols already defined in [RFC4447], and [RFC6073]. The extensions defined in this document do not affect the security considerations for those protocols."

When you essentially propose a mechanism to insert dynamically men in the middle you can imo not just state that nothing changes. In the meanwhile I have talked to some people that are much more cognisant about pseudowires than I am, and I have let myself be convinced that this indeed not introducing new attack vectors (as compared to static PW and normal MPLS networks), and that existing threats can be mitigated by doing end to end connection verification, but I believe that others, like me would be helped by a short discussion pertaining to this.

Hope this helps,

Klaas