12 Mar 2012 21:12
Security considerations text for draft-ietf-emu-chbind
Sam Hartman <hartmans-ietf <at> mit.edu>
2012-03-12 20:12:49 GMT
Hi. I'm posting a new version of the channel bindings draft in response to AD review comments. I've been requested to develop security considerations text in response to attacks I wrote about on the list. Here's the text I'm including in the new draft. Comments are welcome. I don't know if Sean will simply issue the IETF last call and allow us to comment on this text during the last call or if he'll seek comments on this text before the last call. Either way, you should send comments on this new security considerations text now if you have some.

At the bottom of section 9.1 I've added:

This trust model is a significant departure from the standard EAP model. In many EAP deployments today attacks where one NAS can impersonate another are out of scope. Channel bindings bring these attacks into scope; the system as a whole needs to be analyzed to evaluate cases where one NAS may impersonate another and to evaluate the impact of this impersonation.

One attractive implementation strategy for channel binding is to add channel binding support to a tunnel method which can tunnel an inner EAP authentication. This way, channel binding can be achieved with any method that can act as an inner method even if that inner method does not have native channel binding support. The requirement for mutual authentication and key derivation is at the layer of EAP that actually performs the channel binding. Tunnel methods sometimes use
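The two points in the proposed text, that the check only means something at the EAP layer that did the mutual authentication and key derivation, and that a NAS impersonating another NAS is now in scope, can be seen in a small model of the server-side consistency check. The following Python is an added illustration written for this archive page; it is not code from the draft, from Sam Hartman, or from the emu working group. It models the EAP server comparing the peer's view of the NAS (reported inside the protected tunnel) with the AAA server's view of the same NAS and with a local authorization database. All NAS names, SSIDs and the policy table are constructed; `PeerView`, `AaaView` and `validate_channel_binding` are hypothetical names, not identifiers from the draft.

```python
# Added example: a simplified model of an EAP server validating channel-binding
# data. Not the draft's own code; all values below are constructed.
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class PeerView:
    """What the NAS advertised to the peer over the link layer, as the peer
    reports it to the EAP server inside the protected tunnel."""
    nas_identifier: str
    ssid: str


@dataclass(frozen=True)
class AaaView:
    """What the AAA server learned about the NAS from the AAA transport
    (attributes the NAS sent under its own AAA credentials)."""
    nas_identifier: str
    ssid: str


# Constructed local policy: which SSIDs each NAS is authorized to offer.
AUTHORIZED_SSIDS: Dict[str, Set[str]] = {
    "nas-lobby": {"corp-guest"},
    "nas-lab": {"corp-secure", "corp-guest"},
}


def validate_channel_binding(peer: PeerView, aaa: AaaView,
                             tunnel_protected: bool) -> Tuple[str, str]:
    """Return ("success" | "failure", reason).

    tunnel_protected is True only when the EAP layer performing channel
    binding has itself completed mutual authentication and key derivation;
    data carried outside that protection is not trusted at all.
    """
    if not tunnel_protected:
        return ("failure",
                "channel-binding data not protected by the authenticating EAP layer")
    if peer.nas_identifier != aaa.nas_identifier:
        # The peer was told one NAS identity, the AAA server sees another:
        # this is the NAS-impersonation case channel binding is meant to catch.
        return ("failure",
                f"NAS identity mismatch: peer saw {peer.nas_identifier!r}, "
                f"AAA saw {aaa.nas_identifier!r}")
    if peer.ssid != aaa.ssid:
        return ("failure",
                f"SSID mismatch: peer saw {peer.ssid!r}, AAA saw {aaa.ssid!r}")
    if peer.ssid not in AUTHORIZED_SSIDS.get(aaa.nas_identifier, set()):
        # Both views agree, but local policy says this NAS may not offer the SSID.
        return ("failure",
                f"{aaa.nas_identifier!r} is not authorized to offer {peer.ssid!r}")
    return ("success", "peer's view of the NAS matches the AAA view and local policy")


def demo() -> Dict[str, str]:
    """Run the check over constructed scenarios and return the outcome of each."""
    honest = PeerView("nas-lab", "corp-secure")
    return {
        "honest_lab_nas":
            validate_channel_binding(honest, AaaView("nas-lab", "corp-secure"), True)[0],
        # A NAS advertising itself to the peer as nas-lab but authenticating to
        # AAA as nas-lobby: detected by the identity comparison.
        "lobby_nas_claims_to_be_lab":
            validate_channel_binding(honest, AaaView("nas-lobby", "corp-secure"), True)[0],
        # Views agree, but policy forbids the lobby NAS from offering corp-secure.
        "lobby_nas_offers_secure_ssid":
            validate_channel_binding(PeerView("nas-lobby", "corp-secure"),
                                     AaaView("nas-lobby", "corp-secure"), True)[0],
        # Same honest data, but sent by an inner method with no protection of
        # its own: the outer tunnel layer must do the binding, so reject.
        "unprotected_inner_method":
            validate_channel_binding(honest, AaaView("nas-lab", "corp-secure"), False)[0],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The model also shows the limit the proposed text points at: if a NAS can present another NAS's AAA credentials, the `AaaView` it produces is consistent with what it told the peer, and the comparison passes. Whether that is possible depends on how the AAA infrastructure authenticates each NAS, which is why the text says the system as a whole has to be analyzed rather than the EAP method alone.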