I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: No significant security issues

This document is a "refreshing" of RFC6006 (Extensions to PCEP for Point-to-Multipoint Traffic Engineering Label Switched Paths) to incorporate errata that have accumulated over the last seven years. There may be some small additional changes.

One minor change was made to Security considerations, and it was a good change, but I fear it makes the security considerations somewhat internally inconsistent. That change was to change a recommendation to use TCP-AO to a recommendation to use TLS. TLS is a more logical protocol to use in this context, but the security considerations also references RFC5440, which mandates TCP-MD5 and recommends TCP-AO (which was not available when RFC5440 was written). I'm not sure the best way to resolve this... probably to leave it as is. Someday, RFC5440 should be updated.

Security considerations in this document discusses the dangers of someone impersonating a client for the purpose of denying service or learning about the network configuration, and RFC5440 talks about the dangers of eavesdropping in learning what the client is doing. It does not discuss whether there are important threats posed by someone impersonating a PCEP server and returning bad routing information. I suspect that might be a more serious threat than either of the other attacks, but don't know enough about how the protocol is used to know for sure.

In any case, all the considerations mentioned above probably belong in RFC5440 (PCEP) rather than this document concerning extensions.

--Charlie Kaufman