I've put a draft of the BGP vs. 2385 I-D at http://psg.com/~smb/draft-bellovin-tcpmd5app-00.txt --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)
Being formalistic:
The sentence "The IESG is empowered to grant" should probably be stated as:Abstract The IETF Standards Process requires that all normative references for a document be at the same or higher level of standardization. The IESG is empowered to grant a waiver of this requirement. This document explains why the IESG has chosen to do so with regard to RFC 2385, "Protection of BGP Sessions via the TCP MD5 Signature Option", to permit promotion of BGP to Draft Standard.