I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Segment Routing (SR) is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. An SR Policy is a set of candidate paths, each consisting of one or more segment lists. This document defines extensions to BGP SR Policy to specify the identifier of a segment list. My understanding is that the extension is an optimization.

Not being an expert in Routing in general and SR in particular, I think this document adequately describes security considerations by 1) pointing to RFC 9830 and RFC 8402, as well as noting that the added identifier may expose mission-critical or commercially sensitive network information, and thus introduces a confidentiality risk.

One small nit is about the last sentence of the Security Consideration section:

  Network operators MUST ensure that only trusted nodes (including both routers and controller applications) within the SR domain are permitted to receive this information.

I am wondering how this MUST can be satisfied. Are you referring to "Traffic MUST be filtered at the domain boundaries" text in RFC 8402, or something else?

Thank you,
Alexey