I have reviewed this document as part of the security directorate's  ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the 

security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This draft seems short well written and to the point.

However, the security considerations section seems to be on the short side and I'm wandering if all relevant security issues really are covered.

One thing that strikes me as possibly relevant is if this in any way can be a means (in some variants of it's use) through which a spammer can gain information about the status of the recipient.

/Stefan Santesson