I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document's Security Considerations section (Section 23) analyzes some of the protocol's vulnerabilities, but provides no concrete actionable advice. The overall wording in that section suggests directions for future work, but the document does not describe actual protocol elements that are capable of providing the needed protections. Section 23.1 describes confidentiality considerations for the protocol, but does not explain what situations merit confidentiality protection for the network topology. It mentions the possibility of protecting confidentiality in OLSRv2 by using PGP or shared key encryption, but provides no indication of how to do so, nor does it indicate how participants should conduct key management. Section 23.2 describes integrity considerations. The text presents several examples where invalid control traffic may disrupt the network, and distinguishes the situations where data origin authentication for the control message is sufficient from situations that require additional authentication of link states, for example. Authentication of link states seems potentially complicated, because it seems that both ends of a link would have to authenticate the validity of the link between them in a way that third parties could verify. This document does not detail how such link validity authentication would work. Section 23.2 also mentions thwarting replay attacks using temporal information, but there are no obvious places for the protocol to carry such information. Section 23.2 mentions using IPsec authentication headers for authenticating entire control packets, but offers no suggestions about how to perform key distribution. Section 23.3 describes interactions with external routing domains, and makes reasonable suggestions.