I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document provides a security framework for Multiprotocol Label Switching Transport Profile (MPLS-TP). It is based upon RFC 5920 ("MPLS and GMPLS security framework"), but particularly addresses MPLS-TP extensions. It starts with a good background on the security reference models, highlighting "trusted zones" and "untrusted zones" of various network architectures. It then outlines threats in an MPLS network that are either particularly important to MPLS-TP. The primary mitigation for threats to the infrastructure is to use some form of packet authentication, and this is well covered. It also stresses threats and mitigations to using a network management system used to provision MPLS-TP network elements. Draft -08 is much improved over -07, and I believe is ready to publish. Brian