This is a very nicely-structured, efficient, well-written document - among the most clearly-written that I've read in a few years. Nits: As a minor point, I am really not a fan of using RFC 2119 language for informational documents, and in this case it's being used somewhat inconsistently (for example, the lowercase "must" in section 4). I'm also a bit unclear on what's intended by "must optionally authenticate" and suggest that that should be clarified as to whether what's meant is "mandatory to implement but optional to use," or "optional to implement" and should probably be a "SHOULD" (or a "should"). Additionally, it may be helpful to provide an example or two of how the EVPN OAM channel could be exploited as a DOS vector, and to explain what problem is solved by authenticating EVPN endpoints.