I was assigned a SECDIR early review of this document.

This experimental draft defines a new lightweight authentication scheme intended to prevent only one type of spoofing attack, that a network connection is "Up." I think it makes a considered trade-off of the issues around target deployment and attack prevention and it's nice to see something that realistically picks a middle road between all-or-nothing and practical considerations.

Sec 1: I have never heard of the term "meticulous keying" before.

Sec 3: The MUST in bfd.AuthType is then contradicted by the following sentence, so should that be SHOULD?

Minor inconsistency: Sec 4 uses "person-in-the-middle" while Sec 14.1 says "man-in-the-middle"

Major confusion: are you using ISAAC or ISAAC+ ?