diff --git a/draft-ietf-core-dns-over-coap.md b/draft-ietf-core-dns-over-coap.md index a5607ba..f1b7f84 100644 --- a/draft-ietf-core-dns-over-coap.md +++ b/draft-ietf-core-dns-over-coap.md @@ -496,6 +496,12 @@ Last update of this information: Security Considerations ======================= +General CoAP security considerations apply. +Exceeding those in {{Section 11 of RFC7252}}, +the request patterns of DoC make it likely that long-lived security contexts are maintained: +{{amp-0rtt}} goes into more detail on what needs to be done +when those are resumed from a new endpoint. + When using unencrypted CoAP (see {{sec:unencrypted-coap}}), setting the ID of a DNS message to 0 as specified in {{sec:req-caching}} opens the DNS cache of a DoC client to cache poisoning attacks via response spoofing. @@ -507,12 +513,6 @@ harden against injecting spoofed responses. Consequently, it is of little concern to leverage the benefits of CoAP caching by setting the ID to 0. -General CoAP security considerations apply. -Exceeding those in {{Section 11 of RFC7252}}, -the request patterns of DoC make it likely that long-lived security contexts are maintained: -{{amp-0rtt}} goes into more detail on what needs to be done -when those are resumed from a new endpoint. - IANA Considerations ===================
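Review bot: "Exceeding those in {{Section 11 of RFC7252}}" in the first hunk reads as if the DoC considerations outrank those of RFC 7252 rather than build on them; now that this paragraph opens the section, suggest "In addition to those in {{Section 11 of RFC7252}}, the request patterns of DoC make it likely ...". The same sentence asserts that long-lived security contexts are likely without saying which aspect of the DoC request pattern makes them so, leaving the reader to infer it from the {{amp-0rtt}} pointer; a short clause naming that aspect would make the forward reference self-explanatory.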
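Review bot: No text is lost in the second hunk; the six removed lines match the six added lines of the first hunk word for word, and the unchanged blank line after "by setting the ID to 0." keeps that paragraph separated from the "IANA Considerations" heading, so the change is purely a reordering (the hunk headers, -507,12 +513,6 and -496,6 +496,12, are consistent with that).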