The security considerations section is scanty - transport security is not described at all, nor is the question of defense against a malicious actor spoofing a server.  It may be the case that there are, in fact, mitigations in common use but they are not spelled out in this draft nor in RFC 5730 (and I’ll be the first to admit that I may have missed something).  Because of this I do have reservations about progressing the document towards publication.

Section 3.3: Is it the case that if an element is not explicitly identified as optional, it’s mandatory?  If that’s the case you may want to mention that in the first paragraph of this section

Nits:

There’s occasionally some unidiomatic English (for example, “The command mappings described here are specifically for the use to notify [ … ]” rather than, for example, “The command mappings described here are specifically used to notify [ … ]”, “The information on a [ … ]” rather than “The information about a [ … ], etc.), 

Section 1, first paragraph:  It’s actually not very clear about what registries are informing registrars.  It may be clearer to start with something along the lines of “Registries usually inform registrars of maintenance activities in different ways.”