Hello, I have reviewed this document as part of the security directorate’s ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: Ready with issues The Security Considerations section provides a good introduction to the risks. However my main concern is the lack of discussion around security policies. After reading this section, we have the feeling that TLS alone is sufficient to secure the GMPLS PCE WRT the three attacks described. With scenario 1, a fundamental part of the solution consists in setting up security policies: what is acceptable or not in terms of path? It may be discussed in the two references mentioned in the last paragraph, but even in that case, the way the current section is written is misleading. I have two additional comments: ** Ambiguous text: it is said o Message deciphering: As in the previous case, knowledge of an infrastructure can be obtained by sniffing PCEP messages. Message deciphering suggests the message is encrypted but the attacker has enough knowledge to decrypt it. I'm not sure it's what the authors mean. I think there's a confusion in the use of "deciphering" which in security explicitely refers to encryption (https://en.wikipedia.org/wiki/Cipher). ** Ambiguous text: it is said "Authentication can provide origin verification, message integrity and replay protection,..." Àuthentication of the two peers on the one hand, and integrity/replay protection on the other hand, are different services. There's probably a package where these three services are bundled together, but that's a design choice. I suggest changing a little bit the sentence to avoid this confusion. Typo: ** Section 6: "A legitimate PCC could requests" : s/requests/request/ Cheers, Vincent