I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This standards track draft specifies a set of Network Resource Partition (NRP) Selectors that identifies i) what NRP the packet is associated with and ii) how the packet is to be forwarded.  NRPs provide support of IETF Network Slice services, which in turn provides network connectivity and how this network is constructed.

The security considerations section does exist and discloses that the forwarding network is insecure and therefore susceptible to attacks on traffic integrity/control.  To mitigate against this they recommend a secure link-layer, but does not help if the node itself is compromised.  I guess that this is expected given that the overall protocol assumes this environment/use-case?

General comments:

There is concern about no running code, has this changed recently?

Editorial comments:

Not for sure if there is already precedence, but defining each of the fields in the network action subsections would help with having to hunt for the associated documents.  These subsections could use some help in describing the actions in more detail as if wasn't clear what unique purpose that each of these selectors has (one provides just a reference but no description).