Summary: Needs 7 more YES or NO OBJECTION positions to pass.
Nit in Section 6: “an hostile network access provider”. In Section 8.4, please add the “Fragment identifier considerations” entry in the template, as required by RFC 6838.
This is a well written document, but I have a small set of issues I would like to discuss:

4.4. Detecting misconfiguration and misuse

   "When a host retrieves the PvD Additional Information, it MUST verify that the TLS server certificate is valid for the performed request (e.g., that the Subject Alternative Name is equal to the PvD ID expressed as an FQDN)."

The last sentence is not right: you should say "one of the Subject Alternative Names is equal to ...", because a server certificate can have multiple Subject Alternative Names.

5.4. Providing Additional Information to PvD-Aware Hosts

This section is using HTTP/2 syntax for requests and responses, but the HTTP/2 RFC is not listed as a reference.
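To make the Section 4.4 point concrete, here is an added example (not text or code from the draft or its authors) of a host-side check that compares the PvD ID, expressed as an FQDN, against every DNS-type Subject Alternative Name in the server certificate rather than a single one. The certificate is a constructed dictionary in the shape Python's ssl.SSLSocket.getpeercert() returns; the function names are my own.

```python
def san_dns_names(cert):
    """Return the DNS-type subjectAltName values from a getpeercert()-style dict.

    The dict shape mirrors ssl.SSLSocket.getpeercert(): 'subjectAltName' is a
    tuple of (type, value) pairs, e.g. ('DNS', 'host.example') or
    ('IP Address', '192.0.2.1').
    """
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def normalize_fqdn(name):
    """Canonicalise an FQDN for comparison: strip a trailing dot, lower-case."""
    return name.rstrip(".").lower()


def pvd_id_matches_cert(pvd_id, cert):
    """True if the PvD ID equals at least ONE of the certificate's DNS SANs.

    The draft text says 'the Subject Alternative Name is equal to the PvD ID';
    a certificate may carry several SANs, so the comparison must succeed if
    any one of them matches. Equality is exact after normalisation; no
    wildcard matching is attempted, because the requirement is equality.
    """
    target = normalize_fqdn(pvd_id)
    return any(normalize_fqdn(san) == target for san in san_dns_names(cert))


# Constructed sample certificate (hypothetical names, not from the draft):
# the PvD ID appears as the SECOND DNS SAN, which is exactly the case a
# "first SAN only" comparison would wrongly reject.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "router.example.net"),),),
    "subjectAltName": (
        ("DNS", "router.example.net"),
        ("DNS", "pvd.example.net"),
        ("IP Address", "192.0.2.1"),
    ),
}

if __name__ == "__main__":
    for candidate in ("pvd.example.net", "PVD.Example.Net.", "pvd.example.org"):
        print(candidate, "->", pvd_id_matches_cert(candidate, CONSTRUCTED_CERT))
```

In a real client the dict would come from the socket after a successful TLS handshake with hostname verification already enabled; this function only adds the PvD-ID-to-SAN comparison the section requires.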
I am a co-author of this document ;-)