I think we are very close.  I have a few minor comments.

In section 2, I think the definition of Trust Anchor ought to include the fact that it is a public key and some associated data.  The text in section 6.3 on configuration does a good job of describing the elements that are needed.

Section 6.1, 4th paragraph, 1st sentence.  I prefer:

   Care should be taken if the certificates used in SEND are also to
   provide authorization in other circumstances, for example with
   routing protocols.

Section 6.2, 1st paragraph, last sentence.  Please drop "or is even being planned."  Such a certificate hierarchy is actually being discussed in a different context.  I cannot say it is "planned," but it is being discussed.

Section 6.3.2, 2nd paragraph:
Appendix C, 1st paragraph:
   s/certification chain/certification path/