IP over SONET considered harmful?

Sounds reasonable to me. My point was that decrementing the IP TTL,
whether it be at each LSR or only at egress, should be a decision
that can be made by the provider.

Well, in that case you also have to not copy the IP TTL into
the tag TTL, but rather synthesize a new tag TTL, assuming
the goal is not to end up with traceroute stars.

I think this is insane, personally, but then Sprintlink in
the past fell victim to devastating forwarding loops, both
tight and loose; the latter were particularly bad, and so
maybe I am "over sensitive".

If you _really_ want to conceal one's network, why not
just outright lie -- at your ingress LSR look for packets
with low TTLs, and for ones that won't make it to their
destinations, synthesize an ICMP time exceeded with your
choice of source addresses. (cf the last paragraph of 2.14
in the current MPLS arch draft) Where this is not possible,
you generate the lie as close as possible to the point where
the ttl timeout would happen.