I see one major issue:

2.1: Logging in NATs and esp. CGNs is clearly sensitive in various ways. I
think it'd be ok if logging was really out of scope, however, there is a
logging-enable feature, I think under-specified,  (on page 63) so the statement
in 2.1 seems contradictory to me - if logging is out of scope why is
logging-enable a flag?.  Presumably if logging-enable transitions from F->T
then you turn on (some undefined kind of) logging. If this transitions from
T->F then what is the implementer supposed to do? I think that illustrates the
under-specification here. The simplest thing might be to really make logging
out of scope here by deleting the logging-enable thing entirely. (I can imagine
that reaching consensus on a logging control interface would be non-trivial,
hence the suggestion to really put it out of scope rather than try specify it 
fully.)

Just one nit:

The abstract could do with a bit of re-wording as it reads awkwardly.  I'd say
maybe just delete the 1st sentence.