Last Call Review of draft-ietf-ospf-af-alt-
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
This draft specifies a mechanism for supporting multiple address families (e.g., multicast IPv6, unicast IPv4, and multicast IPv4) in OSPFv3 using multiple instances of the protocol. An address family is mapped to an OSPFv3 instance via the Instance ID field included in the OSPFv3 header.
The security considerations section seems adequate in pointing to existing OSPFv3 specifications since this extension does not seem to introduce additional security issues compared to that of basic OSPFv3, and the fact that the multiple instances supporting different address families will have to share the same IPsec SAs when IPsec is used to protect OSPFv3 (due to the absence of a traffic selector operating on the Instance ID field of the OSPFv3 header) is acknowledged.
Small typo in the sec-cons: s/IPsec [IPsec]. can/IPsec [IPsec] can/
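The shared-SA point in the review, as an added example that is not part of the review or of the draft: it parses the Instance ID from the 16-byte OSPFv3 header (layout per RFC 5340) and groups packets by the fields an IPsec selector can match for IP protocol 89. The addresses, router ID and Instance ID values are constructed samples, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

OSPF_PROTO = 89  # IP protocol number carried in the IPv6 Next Header field

# OSPFv3 header: version, type, packet length, router ID, area ID,
# checksum, Instance ID, reserved (16 bytes, network byte order)
HDR = struct.Struct("!BBHIIHBB")


def build_header(instance_id, router_id=0x0A000001, pkt_type=1):
    """Build a constructed OSPFv3 Hello header carrying the given Instance ID."""
    return HDR.pack(3, pkt_type, HDR.size, router_id, 0, 0, instance_id, 0)


def instance_id(payload):
    """Return the Instance ID byte of an OSPFv3 packet, rejecting bad input."""
    if len(payload) < HDR.size:
        raise ValueError("truncated OSPFv3 header")
    version, _type, _len, _rid, _area, _cksum, inst, _rsvd = HDR.unpack_from(payload)
    if version != 3:
        raise ValueError("not an OSPFv3 packet")
    return inst


def ipsec_selector(src, dst, next_header):
    """Fields a selector can match here: addresses and next header only.
    Protocol 89 has no port-like field, and the Instance ID sits inside the
    protected payload, so it cannot take part in SA selection."""
    return (src, dst, next_header)


def instances_per_sa(packets):
    """Map each selector (one SA per selector) to the Instance IDs it carries."""
    groups = defaultdict(set)
    for src, dst, proto, payload in packets:
        groups[ipsec_selector(src, dst, proto)].add(instance_id(payload))
    return dict(groups)


# Constructed sample: one router sending Hellos for three instances on one link.
SAMPLE = [
    ("fe80::1", "ff02::5", OSPF_PROTO, build_header(0)),
    ("fe80::1", "ff02::5", OSPF_PROTO, build_header(32)),
    ("fe80::1", "ff02::5", OSPF_PROTO, build_header(64)),
]

if __name__ == "__main__":
    for selector, instances in instances_per_sa(SAMPLE).items():
        print(selector, "-> instances", sorted(instances))
```

All three instances fall under a single selector, so a key compromise or misconfiguration of that SA affects every address family on the link.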