I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other review
comments.

This document is ready for publication as an Informational RFC

Thanks for addressing my Last Call comments. The new Security Considerations text is helpful (though I would have preferred even more).

I'll point to one last potential problem spot (as a nit) that you may wish to reconsider. See Section 3 at:

"Encryption is important if the implementation can afford it."

From the rest of the document, it's clear that Encryption is important even if the implementation _can't_ afford it (and what does "afford it" even mean in this context)?

Please try to find more specific text to convey what you are trying to say.