I lack sufficient knowledge of PIM and LISP to know if the security considerations specified in this update to RFC 8059 suffice. That said, based on my assumptions around the new security considerations, I believe the mitigations listed are pertinent to the new threats despite leaving the reader to discern how they are to effected.

For the sake of the RFC Editor and other inexpert readers like me, I do offer the following nits for consideration:

Page 2, section 1, 2nd paragraph, 3rd sentence: it might be better to point at RFC 9300 for the definitions rather than RFC 6831. This is what was done on the very next page, so rather than confusing the reader, just point to one place.

Page 2, section 1, 3rd paragraph: insert “needs to” before “avoid” for easier reading.

Page 3, section 2: delete “very”.

Page 3, section 2.1, 1st sentence: change “a RLOC” to “an RLOC” matching usage in some of the references. Please give a reference to such usage as “G-u”, “G-u1”, etc. I could not easily find matching usage in RFC 8059 or RFC 9300. It may be that these are well understood in the community.

Page 3, section 2.1, 2nd sentence: bracket “e.g.” in commas.

Page 4, section 3.1, 1st paragraph: drop “RFC8059”. You don’t need both the name and the reference. If using the name, separate “RFC” from the number, as is the RFC Editor’s preferred style.

Page 4, section 3.1, 2nd paragraph: drop “RFC 8059” (correctly formatted here!).

Page 5, 1st bullet item: delete a redundant “tree”.

Page 5, section 6, 3rd sentence: please provide a reference to what you consider to be suitable PIM authentication mechanisms. RFC 4601/RFC 5796? draft-ietf-pim-3376bis? Something else?