Overall I found the draft to be well written and easy to read but I one minor comment.

* It is not clear how a constrained device (potentially without a user interface) would handle the URI that it receives to escape the captive portal. Has this been thought of? I think some new text in this regard would be useful here, though one could make the case for this to be handled in the API draft instead.