We had a discussion about section 5.2 in our team, and two people had come to different understandings about what the attack is. It would be nice if each security considerations section described the attack before or after the more abstract description of it.
For example,
Requesting Party Bob using malicious Client controlled by malicious Requesting Party Carlos: Bob does XYZ, Client gives RPT to Carlos.