I reviewed this document on behalf of the operations and management area directorate. The document appears ready to proceed. I agree that the threat model described in rfc 8555 covers the case described, with the caveat that the threat of DNS subversion does not apply.