Hi all,

A few more comments:

1) Section "3.3.4. Protected Termination and Acknowledged Result Indication"

   Except as noted below, the Crypto-Binding TLV MUST be exchanged and verified before the final Result TLV exchange, regardless of whether or not there is an inner EAP method authentication. The Crypto-Binding TLV and Intermediate-Result TLV MUST be included to perform cryptographic binding after each successful authentication in a sequence of one or more inner authentications.

-- this is confusing because it introduces another term, "inner authentication", in addition to the two existing in the document, "inner method" and "inner EAP method". Please note that there could be no real authentication but just unsuccessful inner EAP method negotiation or even just an exchange of Identity Request/Response.

Maybe we should take a very formal approach:

• Define inner method as something that is conducted in Phase 2
• Define two types of inner method - inner EAP method (that starts with Identity Request, no matter whether it performs authentication or not) and basic password authentication - and treat them in the same way
• We should also consider the option when there's no inner method in Phase 2

The same applies to section "3.6. Error Handling, item #3", "4.2.11. Intermediate-Result TLV" and a few other places.

2) Nit: Section "5.2. Intermediate Compound Key Derivations" - it looks like the concatenation operator is escaped, while in the other places it is not:

   IMCK[j] = TLS-PRF(S-IMCK[j-1], "Inner Methods Compound Keys" \|\|

3) Are we planning to address all errata items in this review cycle? Some of them are not yet in.

Thanks
Oleg
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu