Security review of Pseudowire Congestion Considerations draft-ietf-pals-congcons-01

Do not be alarmed. I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The question that the draft addresses is whether or not TCP flows that are bundled in a pseudowire (PW) need to have a special congestion avoidance algorithm in order to co-exist with normal TCP flows. The answer seems to be a sort of analogy to the central limit theorem: bundled TCP flows behave nearly as gracefully as a similar set of non-bundled flows.

Whether or not I got that right, I do agree that this seems to introduce no new security considerations. I do wonder, though, about whether or not an attacker needs to control more or fewer resources to attack a network through a PW than without a PW. I suspect that it depends on the details of the network graph. In any case, the document in question does a good job of discussing the issue of delays and capacity.

I think the formula for TCP throughput would be better expressed by moving the common factor of 2p/3 outside the expression in the denominator, but if all previous documents have used the form given in this draft, it would only confuse people.

Hilarie