Message 507

Author reh
Recipients
Date 2007-02-13.16:33:19
Content
The text on SID generation requirements is moved to a new normative section
4.1.3 as follows:

4.1.3.  SID Selection

   The fact that SIDs index routing state (see Section 4.2.1 below)
   means that there are requirements for how they are selected.
   Specifically, signalling applications MUST choose SIDs so that they
   are cryptographically random, and SHOULD NOT use several SIDs for the
   same flow, to avoid additional load from routing state maintenance.
   Guidance on secure randomness generation can be found in [32].

and section 8.7 is extended with new text on how GIST security depends on
correct action by the NSLP, reading in part:

   Certain security aspects of GIST operation depend on signalling
   application behaviour: a poorly implemented or compromised NSLP could
   degrade GIST security.  However, the degradation would only affect
   GIST handling of the NSLP's own signalling traffic or overall
   resource usage at the node where the weakness occurred, and
   implementation weakness or compromise could have just as great an
   effect within the NSLP itself.  The relevant aspects of NSLP
   behaviour are as follows:

   o  GIST depends on NSLPs to choose SIDs appropriately
      (Section 4.1.3).  If NSLPs choose non-random SIDs this makes off-
      path attacks based on SID guessing easier to carry out.  NSLPs can
      also leak information in structured SIDs, but they could leak
      similar information in the NSLP payload data anyway.
History
Date User Action Args
2007-02-13 16:33:19  reh  link    issue182 messages
2007-02-13 16:33:19  reh  create
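
One way an NSLP could meet the two SID selection requirements quoted in the message above, next to a self-test that flags structured SIDs. This is an added example, not text from the draft or code from any GIST implementation. It assumes 128-bit SIDs and flows identified by a tuple; SidAllocator, weak_counter_sids and looks_structured are hypothetical names.

```python
import secrets

SID_BYTES = 16  # assumption: 128-bit SIDs; the message above gives no length


class SidAllocator:
    """Hypothetical NSLP-side helper: one random SID per flow, reused for its lifetime."""

    def __init__(self):
        self._by_flow = {}

    def sid_for_flow(self, flow):
        # SHOULD NOT use several SIDs for the same flow: reuse the existing one.
        if flow not in self._by_flow:
            # MUST be cryptographically random: draw from the OS CSPRNG.
            self._by_flow[flow] = secrets.token_bytes(SID_BYTES)
        return self._by_flow[flow]

    def release(self, flow):
        self._by_flow.pop(flow, None)


def weak_counter_sids(n, node_id=b"\xc0\x00\x02\x01"):
    """Constructed anti-pattern: node address followed by a counter."""
    width = SID_BYTES - len(node_id)
    return [node_id + i.to_bytes(width, "big") for i in range(1, n + 1)]


def looks_structured(sids, min_prefix=4):
    """Self-test heuristic: constant step between SIDs or a long shared prefix."""
    if len(sids) < 3:
        raise ValueError("need at least 3 SIDs to judge")
    values = [int.from_bytes(s, "big") for s in sids]
    steps = {b - a for a, b in zip(values, values[1:])}
    prefix = 0
    while prefix < SID_BYTES and len({s[prefix] for s in sids}) == 1:
        prefix += 1
    return len(steps) == 1 or prefix >= min_prefix


if __name__ == "__main__":
    alloc = SidAllocator()
    # Constructed flows: (src, dst, protocol, src port, dst port)
    flows = [("192.0.2.1", "198.51.100.7", 17, 5000 + i, 270) for i in range(8)]
    random_sids = [alloc.sid_for_flow(f) for f in flows]
    print("random SIDs structured?", looks_structured(random_sids))
    print("counter SIDs structured?", looks_structured(weak_counter_sids(8)))
```

The heuristic only catches obvious structure such as counters and embedded addresses; passing it does not show that an SID source is cryptographically random.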