Thanks for updating this document! All of my comments from the previous review have been addressed. It reads much better now. I only have some minor nits to note below:

- Section 8.5: This section title references ciphersuite downgrade, yet the text refers to configured use of less-good ciphersuites. Perhaps the title should be, "Threat: Weak TLS Configurations"?
- Section 8.6: I don't quite follow this section. Certainly, describing how one validates certificates is out of scope. However, the title suggests this is part of how one "uses" certificates? I might just scratch this section altogether, and instead reference RFC5280 where certificate-based authentication is first presented.
- Section 8.7: I might rename this title to, "Threat: Symmetric Key Limits."
- Section 8.10.1: I would reference opportunistic security here, as an unauthenticated key exchange yields similar properties.