I'm not sure if this is a nit or not:

The draft describes uses of PCE involving multiple domains.  But the "domain"
concept in this case seems to encompass both/either different administrative 
domains and/or different technology domains within a single administrative
boundary. If it's realistic, wouldn't it be good give recommendations as to what
to do at least when administrative boundaries are being crossed? (E.g. "use
TLS" in that case.)

Other than that the draft appears ready to me.