From Sam Hartman:

The discussion of TLS needs to describe what names certificates need to use.

And from Russ Housely (in more detail):

The second paragraph of Section 5.7.3 deals with TLS authentication. However,
the paragraph does not indicate how to determine whether the identity in the
certificate is acceptable.  Some form of identity checking must be included for
the certificate to provide the expected authentication.