I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last-call comments.

This document defines how a 'replication segment' can be built for segment routing such that a packet can be replicated from a 'replication node' to 'downstream nodes'.

The security considerations section seems reasonable and I did not find any other issues besides the following nits:

* Please expand MPLS, IGP, BGP, and SRH on first use.

* I find the capitalization of words across the document somewhat odd. The phrase 'Replication node and a leaf node' has R capitalized and L not capitalized. There are also other instances where L is capitalized such as 'For Leaf/Bud nodes'? I guess the community has some uncodified standard for capitalization of words. I'll leave it to the RFC editor and authors to handle this.

There are few places where there is missing space between text and the opening parenthesis. For example: "Path Computation Element(PCE)" and "Segment Routing(SR)" don't have a space but "Segment Routing over MPLS (SR-MPLS)" has a space.

Some of the references aren't properly linked. For example, text in section 1.1 says "Terminology sections of RFC 8402, RFC 8754 and RFC 8986" but doesn't reference the RFCs (it should perhaps look like [RFC8402], [RFC8754], and [RFC8986]).

I could not understand the phrase: "building blocks for replication trees when Replication segments on the root". What is "segments on the root"?

attach vectors -> attack vectors