In terms of framing, I think I'd prefer to not split error codes and instead make the Retry Interval 'optional' by reserving 0 as a special value that's equivalent to it not being present.

This also avoids us having a discussion about which of the error codes should be retryable.

Do we really mean this? Like if I get a DOES_NOT_EXIST with a valid auth token, and Retry-After 30 (since it will exist then), but the token expires in 15, I change the error to UNAUTHORIZED?

That seems super confusing. I think I'd rather get the real error code, and burn the round trip when my token actually expires.

I am inclined to remove this entirely.

I'm not keen on implementation specific error code. I think that contributes to non interoperable implementations. I'd like to have some discussion on this.

Can we right this up in the normal way we would IANA. This should be there is a way to get IANA to pre allocate a code.

I don't see any reason we need to invent new IANA processes beyond what is in rfc8126

I think it needs to do randomization even if it is not doing multiple requests. A common problem is Start of Service attacks. With IP phones we regularly see cities of over 10 million people loose power, then all restart at the same time often all with a set top box from of some sort from the same vendor. This forms a Start Of Service attack where the normal mitigations is for the server to be able to respond with retry after and it is more robust to spreading out the load if that can be spread.

My suggestion would be just make this very specific that the min time to respond was a number between the values returned and 125% of value returned with uniform random distribution in that time. Sure some clients won't bother but the ones that cause SoS attacks will.

Just as something to think about ... ff you use seconds instead of ms, it makes it hard for the server to pace multiple clients but I can see how either would work.