Security Considerations for <draft-ietf-tewg-diff-te-proto-03.txt>

Here is an updated "Security Considerations" section proposed for the next rev of diff-te-proto. Please let us know if you have issues/concerns/suggestions on this:

This document does not introduce additional security threats beyond those inherent to Diff-Serv and MPLS Traffic Engineering and the same security mechanisms proposed for these technologies are applicable and may be used. For example, the approach for defense against theft- and denial-of-service attacks discussed in [DIFF-ARCH], which consists of the combination of traffic conditioning at DS boundary nodes along with security and integrity of the network infrastructure within a Diff-Serv domain, may be followed when DS-TE is in use. Also, as stated in [TE-REQ], it is specifically important that manipulation of administratively configurable parameters (such as those related to DS-TE LSPs) be executed in a secure manner by authorized entities.