I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits.

The review deadline for this was really short, so I didn't have a chance 
to read this as closely as I would have liked. That said, from skimming 
the document and reading the sections that looked most interesting, it 
looks pretty good. The security considerations section covers what I 
expected it to. I have only one question/concern:

Sections 4.2.1 and 4.3.4 talk about the security of joining a network, 
and time synchronization, respectively. Do any of the security 
mechanisms in 4.2.1 rely on having an accurate clock? (E.g., to distrust 
old/expired keys.) Is time synchronization done before the join process, 
and is there any way to exploit time synchronization in order to cause a 
node to join a malicious network?