In general, this document is well-written and considers security issues carefully throughout the whole architecture.

nits:
Abstract: /or not misconfigured/or misconfigured/

the fifth paragraph of section 6.1: the last ")" is redundant, therefore can be deleted

some section titles don't comply the rule of starting from a capital letter

section 6.5
/("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2", see [RFC7296]/("IP security", see [RFC4301] and "Internet Key Exchange protocol version 2", see [RFC7296])/

suggestion: 
all the Figures (e.g., Figure 1,2...) should have a title for explanation

section 2, please update the last paragraph to reference RFC8174 to indicate that lowercase versions of the keywords are not normative

Section 11 (Security Considerations) Since section 9.2 has described the self-protection properties of ACP well, it may be useful in this section to mention them as a whole.