I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines a set of additional sub-TLVs for IS-IS that enable IS-IS nodes to communicate information related to the IEEE 802.1aq Shortest Path Bridging system.

The Security Considerations section of the document claims that these extensions do not create any additional security risks. This may be the case, but I found it difficult to evaluate this claim given a basic knowledge of IS-IS and none of 802.1aq.

My high-level impression is that the negotiations conducted through the mechanism defined in this document have the ability to affect layer-2 routing in new ways, with the implication that malicious actors in the protocol have new ways to influence traffic patterns or deny service to users. It would be helpful if the Security Considerations could explain why such manipulations are not possible using these extensions (which would seem to defeat the purpose of the extensions), or if they are, what assumptions need to be true in order for the protocol to operate properly. Do all internal network elements need to behave as specified? Only the SPB instances?

--Richard