
Last Call Review of draft-ietf-detnet-mpls-over-ip-preof-08
review-ietf-detnet-mpls-over-ip-preof-08-secdir-lc-meadows-2023-12-19-00

Request Review of draft-ietf-detnet-mpls-over-ip-preof
Requested revision No specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2023-12-22
Requested 2023-12-08
Authors Balazs Varga, János Farkas, Andrew G. Malis
I-D last updated 2023-12-19
Completed reviews Intdir Telechat review of -09 by Tatuya Jinmei (diff)
Tsvart Last Call review of -08 by Olivier Bonaventure (diff)
Genart Last Call review of -08 by Joel M. Halpern (diff)
Secdir Last Call review of -08 by Catherine Meadows (diff)
Opsdir Last Call review of -08 by Carlos Pignataro (diff)
Rtgdir Early review of -02 by Bruno Decraene (diff)
Assignment Reviewer Catherine Meadows
State Completed
Request Last Call review on draft-ietf-detnet-mpls-over-ip-preof by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/_sJAa6hKHDR-v392plLAYv4zDT4
Reviewed revision 08 (document currently at 11)
Result Has nits
Completed 2023-12-19
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. 
Document editors and WG chairs should treat these comments just like any other
comments.

This document presents BGP constructs that may be used to implement certain
types of network segmentation.

This document describes how sequencing information can be encoded in the IP
header to be used to support the addition of Packet Replication, Elimination,
and Ordering Functions (PREOF) to Deterministic Networking (DetNet) IP. The
PREOF service protection method relies on copies of the same packet being sent
over multiple maximally disjoint paths and uses sequencing information to
eliminate duplicates. PREOF has already been implemented for MPLS, and the IP
solution is derived from that.  This document describes how to derive the needed
sequencing information from the IP header.  In particular it describes what
information MUST and MAY be included in the header fields so that the sequence
information may be derived.

I agree with the draft’s security considerations section, which says that no
new security considerations are introduced.  The procedure is based on a
similar solution for MPLS, and so the MPLS security considerations apply.

A nit:

1. A possible implementation of POF function
should be
A possible implementation of the POF function