Hello,

I have reviewed this document as part of the security directorate’s ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

Summary: Ready

I have no comment regarding the security part, little is said in section 6 which
seems appropriate. The three RFCs referenced are appropriate and I agree with
the authors the present document does not change the situation.

However, I have a few comments on non-SecDir aspects, so feel free to ignore it.

For someone who's not aware of the topic, the abstract and introduction are really
obscur and of little help to understand the context (e.g., no mention of multicast).
After reading the abstract of RFC8279, then everything became clear.
Sure, RFC8279 is prominently mentioned in the introduction, yet I think a sentence
to position this document in the full architecture would be very helpful.

Also, the document makes use of several acronyms that are not defined:
Section 1 mentions BFERs that is never defined/expended.
Section 2 mentions BFRs that is defined only in section 3.

Finally, shouldn't step 4 be rewritten to highlight the case where RC(BC(X)),
 is empty as in:
        4.  if (RC(BC(X) non empty)
             then run AG on RC(BC(X) 
             else throw an exception.
As explained in Section 4, this is an exception caused by a bad network design.

Typo: 

- Section 2: mistake, this is probably RFC 8444 and not 8441.
>   The definition for the BAR and IPA fields in [RFC8401] and [RFC8441]
>   are updated as following.

Cheers,

   Vincent