I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I have virtually no knowledge of MPLS and no desire to acquire any. I do know a little bit about PON, probably enough to be dangerous. For these reasons I will not comment upon the technical aspects of the document, instead limiting my comments to editorial issues and the Security Considerations section.

I do have one general question, though: just out of curiosity, why is this not a pwe3 WG document?

EDITORIAL

Abstract

The acronym "MPLS" should be expanded on first use.

s/an MPLS Packet Switched Network/a MPLS Packet Switched Network/

It is sometimes lamented that the people writing the IETF standards are most often not the people implementing said standards. I think that this may actually be a blessing in disguise, however: if the people writing the standards really don't know the difference between a pointer to an object (e.g., "[RFC3985]") and the object itself (RFC 3985), I don't want them writing code!

Section 7.1

The references to G.987 and G.987.3 are formatted differently from those for the other ITU-T documents.

The references for RFC 3031, RFC 4447 and RFC 5036 are formatted incorrectly (leading '"' and trailing '".' characters).

SECURITY CONSIDERATIONS

This section seems woefully inadequate to me. It is a single paragraph, reproduced in full (with interspersed commentary) below.

   G-PON/XG-PON has its own security mechanism to guarantee each ONU is
   isolated on the G-PON/XG-PON link layer.

Where is the G-PON security mechanism defined? Presumably in one of the 6 ITU-T standards referenced, but which one?

   Other security issues are unchanged from those applying as standard
   to PWs and MS-PWs. Please refer to the referenced architectures and
   protocol specifications for further details.

One of the referenced architectures, specified in RFC 3895, says

   It is outside the scope of this specification to fully analyze and
   review the risks of PWE3, particularly as these risks will depend on
   the PSN. An example should make the concern clear. A number of IETF
   standards employ relatively weak security mechanisms when
   communicating nodes are expected to be connected to the same local
   area network. The Virtual Router Redundancy Protocol [RFC3768] is
   one instance. The relatively weak security mechanisms represent a
   greater vulnerability in an emulated Ethernet connected via a PW.

This seems to me to specifically assign risk analysis and review of novel pseudowires (which this would seem to be) to the designers of such, but this draft does not show any evidence of that analysis.