Greetings again. This is a last-call review of draft-ietf-ccamp-gmpls-ether-svcs-04, focusing on security issues. This document does not introduce any new security concerns. The Security Considerations section says: This document introduces new message object formats for use in GMPLS signaling [RFC3473]. It does not introduce any new signaling messages, nor change the relationship between LSRs that are adjacent in the control plane. As such, this document introduces no additional security considerations. See [RFC3473] for relevant security considerations. RFC 3473 is GMPLS signalling with RSVP-TE. RSVP has hop-by-hop integrity protection that is often used in real-world deployments; no privacy is assumed in the signalling. However, RSVP-TE introduces non-hop-by-hop notifications that are adopted by draft-ietf-ccamp-gmpls-ether-svcs. Unlike the rest of RSVP-TE, those notifications have no integrity protection unless that operators run the protocol under a security service like IPsec, which they apparently rarely do in real-world deployments. To be clear, draft-ietf-ccamp-gmpls-ether-svcs doesn't make anything in RSVP-TE any worse, it just uses the existing completely-unprotected notifications. The lack of security is an operational issue, not a protocol issue. --Paul Hoffman, Director --VPN Consortium