Thanks for you comments.
(I've skipped the DIGEST-MD5 related comments in this reply.)
Frank Ellermann wrote:
RFC 2822 <addr-spec> allows for CFWS around different separating
characters and other horrible things.
I consider this to be a bug and I don't believe people have actually
used this syntax for the AUTH parameter.
2554 says that the auth param is an <addr-spec>, but you
changed it to <mailbox>. Please stick to <addr-spec>,
it's a huge difference.
There's no normative or otherwise reference to RFC 2195
I like the idea, but I need to think about the exact text and the best
place to insert it.
I miss a discussion of ESMTPA etc., and a
corresponding normative reference (RFC 3848).