Just two disclaimers:
First, I believe writing a FEP based on an outdated draft would set a bad precedent. The RFC is almost ready, so we should strive to upgrade to it.
Second, I stated here
If we would want FEP to be gate kept, I would suggest first adding a disclaimer that FEP doesn’t accept security relevant topics, as the FEP editors cannot ensure that the new FEPs don’t create issues.
and it continues to be my believe that FEP is inappropriate for security related things. So if somebody writes a HTTP Signature Best Practice guide, there will be no guarantee that they are actually best practices.