I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft updates the Appointed Forwarders mechanism (RFC 6439);
which supports multiple TRILL switches that handle native traffic
to and from end stations on a single link.

The security considerations section does exist and states that this
update does not change the security properties of the TRILL base
protocol.  The section goes on to state that the Port-Shutdown message
SHOULD be secured through the Tunnel Channel protocol (which is in draft
state).  Was this intended to be a normative reference?  The section quickly
finishes with a reference to Authentication TLVs as a way to secure E-LICS
FS-LSPs traffic.  I'm not a TRILL expert and therefore find it difficult to
distinguish between the usage of Tunnel Channels and Authentication TLVs for
securing Port Shutdown messaging.  Could you please clarify?

General comments:

None.

Editorial comments:

s/the need to "inhibition"/the need for "inhibition"/
s/forarding/forwarding/
s/two optimization/two optimizations/
s/messages are build/messages are built/

Shawn.
--