Reviewer: Robert Sparks
Review result: Ready for publication as a proposed standard RFC

I had one question, even though I think the document is fine as is:
Is there any need to version this, or if there was a need for a significant change to how it works, would you just shift to a different authentication scheme?

RjS