I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document provides a framework to allow the development of protocol extensions to support Generalized Multi-Protocol Label Switching (GMPLS) and Path Computation Element (PCE) control of Optical Transport Networks (OTN) as specified in ITU-T Recommendation G.709. It's part of a group of four documents pertaining to G.709 that are all proceeding through the IESG. Because I know little about GMPLS, PCE, OTN, or G.709, I found this document to be a bit hard to understand. Probably if I read all the references, I might understand it better. I'm afraid that I don't have time for that. I did review the Security Considerations section and found it to be easy to understand. This section states that the threats posed by an enhanced OTN control plane are no greater than the threats posed by the existing, simpler OTN control plane. That seems reasonable. In addition, the Security Considerations section points to RFC 5920, which contains a thorough analysis of the threats that may be mounted against MPLS/GMPLS networks and the countermeasures that may be employed against these threats. The threats and countermeasures described in RFC 5920 seem to be broad enough to encompass any additional issues raised by this document. My conclusion is that, within my limited scope of understanding of this document, the Security Considerations section is adequate and there are no troubling issues from a security perspective. Thanks, Steve