I have reviewed draft-ietf-softwire-public-4over6-09 as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Given that this is an informational draft documenting existing practice, I have no serious security concerns with the draft. FWIW, I agree with the issue Sean Turner already raised in his discuss, not that Sean needs my approval. If the draft gets another spin, the security considerations could benefit from a bit more text making it clear that the proposed use of IPv6 address filtering is in the context of the constrained environment of a single ISP, where such filtering is based on the ISP's knowledge of its own topology and address allocation scheme. One can sort of read this between the lines anyway, but it would be better to make it explicit.