I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The draft defines an EAP authentication method using a password. Not being a cryptography expert, I reviewed the document from the perspective of an informed outsider but I did not try to verify whether the cryptographic claims are all correct. That said, I found the document well written and the security discussion convincing.

Editorial nits:

a) On page 6, you use the acronym PRF and it will help readability if you spell it out here since it has not been introduced yet:

   s/and a PRF/and a pseudo-random function PRF/

b) In figure 1, you could replace

     res = PRF(key, i | label | L)
     K(1) = res

   with

     K(1) = PRF(key, i | label | L)
     res = K(1)

   since this makes the assignments before the loop and in the loop body symmetric and thus perhaps things easier to read.

c) There are two places where IANA assigned values need to be filled into the text; perhaps add more explicit RFC editor instructions so the editor knows what to fill in for 'TBD1'.

d) s/DIffie-/Diffie-/

e) You may want to complete reference [BMP00] - the proceedings were published by Springer-Verlag in LNCS 1807.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
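Nit (b) above is about the order of the two assignments that seed the KDF loop in figure 1. The following Python is an added illustration, not code from the review or from the draft: it implements the KDF with both assignment orders and shows they yield identical output, so the change is purely editorial. Everything beyond the two quoted lines is an assumption made for the example: HMAC-SHA256 as the PRF, a chained loop body K(i) = PRF(key, K(i-1) | i | label | L), 16-bit big-endian encodings of i and L (L in bits), and truncation of the concatenated blocks to L bits.

```python
import hashlib
import hmac
import math

# Assumption: the PRF is HMAC-SHA256 (the review does not name the draft's PRF).
PRF_OUTPUT_BITS = 256


def prf(key: bytes, data: bytes) -> bytes:
    """PRF(key, data) instantiated with HMAC-SHA256 (assumed)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def encode_input(prev: bytes, i: int, label: bytes, L: int) -> bytes:
    """Build the PRF input [K(i-1) |] i | label | L.

    Encodings are assumptions for this example: i and L as 16-bit big-endian
    integers (L is the requested output length in bits), label as raw bytes.
    prev is empty for the first block and K(i-1) for later blocks.
    """
    return prev + i.to_bytes(2, "big") + label + L.to_bytes(2, "big")


def truncate_bits(res: bytes, L: int) -> bytes:
    """Keep the first L bits of res, left-justified, zeroing spare low bits
    in the final byte when L is not a multiple of 8."""
    nbytes = math.ceil(L / 8)
    out = bytearray(res[:nbytes])
    spare = nbytes * 8 - L
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


def kdf_as_drafted(key: bytes, label: bytes, L: int) -> bytes:
    """Seed the loop exactly as the quoted figure 1 lines do:
    res = PRF(key, i | label | L); K(1) = res."""
    i = 1
    res = prf(key, encode_input(b"", i, label, L))
    K = res
    while len(res) * 8 < L:
        i += 1
        # Assumed loop body: K(i) = PRF(key, K(i-1) | i | label | L); res = res | K(i)
        K = prf(key, encode_input(K, i, label, L))
        res = res + K
    return truncate_bits(res, L)


def kdf_as_suggested(key: bytes, label: bytes, L: int) -> bytes:
    """Seed the loop in the order the review suggests:
    K(1) = PRF(key, i | label | L); res = K(1).
    The loop body is now the same shape as the seeding step."""
    i = 1
    K = prf(key, encode_input(b"", i, label, L))
    res = K
    while len(res) * 8 < L:
        i += 1
        K = prf(key, encode_input(K, i, label, L))
        res = res + K
    return truncate_bits(res, L)


def orders_agree(key: bytes, label: bytes, L: int) -> bool:
    """True when both assignment orders derive the same key material."""
    return kdf_as_drafted(key, label, L) == kdf_as_suggested(key, label, L)


if __name__ == "__main__":
    # Constructed sample inputs; not values from the draft.
    key = b"constructed-example-key"
    label = b"example label"
    for L in (256, 1000, 1004):
        print(L, orders_agree(key, label, L), kdf_as_drafted(key, label, L).hex())
```

Both functions run the same loop; only the seeding lines differ, which is the point of the nit. The chained loop body and the encodings are assumptions of this example and should be checked against the draft's own figure before reuse.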