I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The security consideration starts by saying: This section provides security requirements and an analysis on transporting EAP keying material using an AAA protocol. While 6.1 appears to provide the former, 6.2 (the remaining section) seems to discuss a particular concern in transporting EAP keying material in an APP protocol. That is, the "analysis" appears to be limited to a particular concern. Is this the only concern? I would like to see the Security Consideration section to incorporate by informative references general discussions of security considerations for key technologies (e.g., EAP). Beyond this, I'm afraid I do not have sufficient experience in the key technologies to be able to determine if security considerations are well covered or not. Regards, Kurt