security considerations endorsement requirements

[mcr]

** Section 12.  I didn't come away from this section with a strong, 
consistent understanding of which interactions needs which security 
properties or what considerations are need for which roles.  
Section 12.2 is at least clear on integrity, 
but it also makes vague allusions to other properties.  

-- Section 12.2  This section lists that there might be a need to support 
additional security properties and provides list 
(i.e., E2E encryption, DoS protection, authentication, etc.) .  
What actionable guidance should be taken from this text?   
How should one reason about those properties?

[mcr]

maybe already fixed with recent changes

[mcr]

maybe #390 helps?