The security considerations could be slightly expanded to refer to the "encrypted mode" and "authenticated mode" that is referenced from RFC8545 security considerations. Perhaps a direct reference to where those are specified would be better than the current reference as that just states in the security considerations section that they are recommended, but that document does not define those options. The reader would then be able to jump to those documents/sections rather than having to take multiple steps to see what the additional security options include. 

The limit on where this protocol used provides good context. It's also good that the integrity protection is built-in. I appreciate the working group and authors efforts to build-in security options. Well done!