I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes an information model for describing forwarding elements within the ForCES framework. In this model, forwarding elements are constructed as a network of Logical Functional Blocks with a well-defined interconnection topology. The document seems functionally complete and consistent.

The document defines an XML syntax for describing FE capabilities and states. This structure (in some semantically equivalent encoding) will be the basis for such descriptions within the ForCES protocol. Section 7 makes clear that FE descriptions constructed according to this model will be used to communicate FE topology information for several purposes.

Given that attacks on this information while en route between ForCES entities are dealt with in RFC 3746, what seems to me to be missing here is a discussion of what risks an entity can introduce by mis-constructing a model, i.e., by communicating false information within the protocol. For example, could an FE prevent a CE from controlling certain LFBs by omitting them from the topology it reports? Some discussion of these risks would be helpful.

Overall, however, I think this document adequately addresses relevant security concerns.

--Richard