I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This standards track draft specifies a protocol for removing the Bit Index Explicit Replication (BIER) header by the 2nd to last router before forwarding to a BIER incapable router.  The goal of the protocol is to prevent the last router in the path from unnecessarily processing the BIER header. 

The security considerations sections does exist and discloses that the protocol does not introduce any additional security implications beyond that of "BIER architecture and OSPF/IS-IS/BGP extensions for BIER signaling".  It would be helpful to outline the relevant RFCs that each of these building blocks of this draft is dependent upon on in this section.  I focused this review on RFC8279 and believe that the aforementioned assertion is correct.

General comments:

A well written document, covering intricate conditionals.

Editorial comments:

None.