Reviewer: Tero Kivinen
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes a way to make synonyms for MPLS flows so those flows can be processed differently. It does include privacy considerations which say that depending on how the synonyms are used there might be privacy issues.

It does claim in the security considerations section that there are no new security issues associated with the MPLS dataplane. I think that is not true. If there is any kind of different processing depending on which synonym is used, that can be used to bypass that processing by using another synonym instead of the intended one.

For example, if an attacker knows that a specific synonym causes deep packet inspection (one of the examples given), he might want to use the synonym which bypasses this inspection, in case he is sending things he does not want to be inspected. This could be some kind of malicious code somehow loaded to the sending device or something.

On the other hand, my understanding is that the trust model of MPLS is mostly that we blindly trust everything the other end says, so someone able to use different synonyms is most likely also able to do other, even worse things, but I think there are new things caused by this addition beyond what is already present in the MPLS now.