Thanks for considering my comments.

I am still struggling with the fact that the constrained Join
Proxy does allow attackers to send packets to arbitrary link-local
endpoints. The new security considerations text gives this advice:

   If such scenario needs to be avoided, the constrained Join Proxy MUST
   encrypt the CBOR array using a locally generated symmetric key.  The
   Registrar is not able to examine the encrypted result, but does not
   need to.  The Registrar stores the encrypted header in the return
   packet without modifications.  The constrained Join Proxy can decrypt
   the contents to route the message to the right destination.

The usage of MUST surely looks promising, but then protection
against this kind of attacks still is entirely optional ("if such
scenario needs to be avoided"). This relates to the other main
concern I had, namely that it is not particularly clear what is
required to be implemented as an interoperable baseline so that
at deployment time appropriate decisions can be taken.