Message529

Author reh
Recipients
Date 2007-02-22.16:36:20
Content
From Sam Hartman:

Section 8.3 claims that authenticated peers can be trusted not to claim they are
on-path when they are off-path. Authentication is not the same as
authorization.  The discussion of when this assumption is reasonable needs to be
significantly expanded.

and later in the context of upstream node attacks (3.5/8.3):

I don't understand the attack regarding off-path nodes inserting routing state
discussed briefly at the end of sections 3.5 and 8.3. Is the attack that you
could send a bogus query from off-path and get the upstream directed traffic
associated with a session?  Shouldn't authorisation be part of a defense against
this attack in addition to SID randomness?
History
Date User Action Args
2007-02-22 16:36:21 reh link issue192 messages
2007-02-22 16:36:21 reh create