[Sorry for the resend; I got the tools address for the draft wrong at first.] I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: ready with nits I believe the Security Considerations section of this document is reasonable. Query: I'm not very familiar with MPLS; is the handling of the Entropy Label Indicator the only situation where a Label Switching Router would need to inspect (as opposed to hash for load balancing) labels below the top of the label stack? I was confused by the explanation of why Label 7 (ELI) has meaning as both an ordinary Special Label and an Extended Special Purpose Label until I read RFC 6790. Perhaps explain that looking for the ELI is typically the only reason why a LSR would inspect the middle of the label stack? Re answer 6 of Section 3: If an ingress LSR pushes ESPLs onto the label stack, any downstream LSRs that do not understand ESPLs could erroneously use the ESPLs as load balancing inputs. Would it be a good idea to recommend that ingress LSRs avoid pushing ESPLs onto the label stack if their policy cannot tolerate variations in downstream load balancing caused by inappropriate use of the ESPLs as load balancing inputs by downstream LSRs that don't understand ESPLs?