Last Call Review of draft-ietf-pwe3-mpls-eth-oam-iwk-
review-ietf-pwe3-mpls-eth-oam-iwk-secdir-lc-hanna-2012-08-21-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how underlying defects in individual circuits
or pseudowires should be mapped in order to provide emulated Ethernet
service. I know very little about this area but I have reviewed the
document and the primary references.

Apparently, pseudowires provide little security themselves although
supplemental security mechanisms may be used. In that context, this
document seems to add no new security concerns. If security measures
are not used, OAM messages can be fabricated, modified, or viewed in
transit but this is arguably no worse than the lack of protection
for all the other traffic flowing over pseudowires.

The Security Considerations section in this document mainly points to
the Security Considerations sections in several more fundamental
documents. Those sections clearly describe the threats inherent in
this design so I see no need for changes to this document.

Thanks,

Steve