Miroslav's comment 2.3:

The draft leaves the content of the Auth Method entirely on the implementer.
I’m afraid this could lead to an interoperability nightmare in the future.
Shouldn’t the content be at least half-specified (leaving room for an implementer to add his own methods)? For instance: The Auth Methods of the form "SASL <mechanism>" must implement mechanisms as defined in the SASL mechanisms register (https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml) — e.g. “SASL PLAIN”, “SASL OTP” etc.
Of course, the MQTT-SN specification should ideally precisely define all allowed auth Mechanisms and their implementation but I don’t know if it’s a viable option…