Apologies for the late review. The obvious potential DoS vector is well covered here and the countermeasures seem OK given the way ippm stuff is seemingly deployed. It might still be nice to add a sentence cautioning that deploying an "open" reflector on the public Internet is likely a bad plan. I also wondered if a Heartbleed-like problem could occur, but it seems like the extra padding TLV spec in RFC 8972 covers that already.