
IETF Last Call Review of draft-ietf-pim-zeroconf-mcast-addr-alloc-ps-07
review-ietf-pim-zeroconf-mcast-addr-alloc-ps-07-secdir-lc-salowey-2025-10-13-00

Request Review of draft-ietf-pim-zeroconf-mcast-addr-alloc-ps
Requested revision No specific revision (document currently at 13)
Type IETF Last Call Review
Team Security Area Directorate (secdir)
Deadline 2025-10-17
Requested 2025-10-03
Authors Nathan Karstens, Dino Farinacci, Mike McBride
I-D last updated 2026-02-26 (Latest revision 2026-02-17)
Completed reviews Secdir IETF Last Call review of -07 by Joseph A. Salowey (diff)
Tsvart IETF Last Call review of -07 by Dr. Joseph D. Touch (diff)
Genart IETF Last Call review of -07 by Joel M. Halpern (diff)
Opsdir Telechat review of -07 by Gabriele Galimberti (diff)
Intdir Telechat review of -07 by Benson Muite (diff)
Rtgdir Telechat review of -07 by Zhaohui (Jeffrey) Zhang (diff)
Assignment Reviewer Joseph A. Salowey
State Completed
Request IETF Last Call review on draft-ietf-pim-zeroconf-mcast-addr-alloc-ps by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/UzSZX4KWgmCg70Pjnwu862TpkjU
Reviewed revision 07 (document currently at 13)
Result Has issues
Completed 2025-10-13
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

The summary of the review is the document has issues.

This document is providing requirements for Zeroconf Multicast Address
Allocation. The document's security considerations section is rather light in
that it says security will be addressed by future documents. It seems that a
requirements document should cover security aspects.

For example, it seems that address collisions could cause denial of service
issues and perhaps other security issues. It seems these consequences should be
discussed in the security considerations along with considerations for what
solutions should address to thwart an attacker from reaching these outcomes.

I don't think it needs to be a lot of text, but some guidance for solutions
derived from this document would be good.