Valery Smyslov writes: > 9. Page 49. > "There are two types of EAP authentication (described in > Section 2.16), and each type uses different values in the AUTH > computations shown above. If the EAP method is key-generating, > substitute master session key (MSK) for the shared secret in the > computation. For non-key-generating methods, substitute SK_pi and > SK_pr, respectively, for the shared secret in the two AUTH > computations." > > Isn't this para superfluous here? Its content belongs to EAP > authentication and in fact it is described in more details two pages > below.
That text was added in the draft-ietf-ipsecme-ikev2bis-08 because of the ticket #151: http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/151 Because of that I would like to get more feedback from WG before I revert that change. I.e no changes done. -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec