Some quick comments on the draft and its security counterpart.
1. numeric reference tags are deprecated, as discussed on the
rfc-interest list several months ago
2. the security draft needs a good proofreading:
O "among" should probably be "amount"
O " if IDENT" should probably be " of IDENT"
3. There remains a conflict with RFC 2822 w.r.t. the Received
field; 2821[bis] permits a quoted-string for the "id" component,
which is not permissible in the field as defined in RFC 2822.
4. The same peculiar and confusing wording of RFC 1123 is repeated;
RFC 822 did not "suggest" an '@' in a msg-id, it clearly specified
it (along with '<', '>', '.', and possibly '[' and ']') in msg-id.
5. "TCP" really ought to be registered with IANA for use in the
"via" Received field component (or dropped, since it wasn't in
6. Consistent terminology would be helpful. "Header" is sometimes
used in the sense given in FYI 18 and as defined in RFC 2822,
and other times where "header field" would be more appropriate.