I'm far from an http expert, but I thought this draft was written clearly and was easy to understand. The Security Considerations seem to cover the appropriate issues especially that there is possibly duplicate information in various status types (not the biggest issue, but pretty subtle).