I appreciate making the length explicit ... the implicit length sounds non-ideal, and I'm glad to see this RFC is fixing it.

I don't generally love "Security Considerations via inheritance", but in this case, RFC 4884 already does call out the relevant points, namely that checking the checksum is a good idea and be careful not to trust the explicit length more than it deserves.

It's short and sweet ... looks good to me.