EAP Re-authentication Protocol Extensions for Authenticated Anticipatory Keying (ERP/AAK)

Note: This ballot was opened for revision 10 and is now closed.

(Stephen Farrell) Yes

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Gonzalo Camarillo) No Objection

(Ralph Droms) No Objection

(Wesley Eddy) No Objection

(Adrian Farrel) No Objection

Comment (2012-02-14 for -)
Please think about wether it would be useful to create a registry for 
the flags fields in the packets so that it is easier to track them if/
when future extensions come along.

(Russ Housley) No Objection

(Pete Resnick) No Objection

(Peter Saint-Andre) No Objection

(Robert Sparks) No Objection

(Sean Turner) (was Discuss) No Objection

Comment (2012-02-15)
And now for some nits:

1) f1: Is there an extra "[" or is a "]" missing in the following:

   a. | [EAP-Initiate/ |              |                   |

I think a "]" is missing because a is optional. Note this is a total nit and shouldn't require you to post another version.

2) s3: r/thus message/this message

3) s4.1: Should this:

 The pMSK label is the 8-bit ASCII string:

      Early-Authentication Master Session Key@ietf.org


 The pMSK label is the 8-bit ASCII string:

      EAP Early-Authentication Master Session Key@ietf.org

to match the earlier ASCII string?

4) s4.1: My assumption is that the pMSK ASCII string is coming from the same place and the KDF is also defined in 5295.  Worth repeating for the pMSK?

5) s5.1, s5.2, s5.3: I know this is minor but r/changed parameters/new parameters

6) s5.2 and s5.3: Shouldn't you say something about L? It's mentioned later in s5.3 so something ought to at least be said about it even if it's just "L" see 5296 like for the SEQ field.

7) s5.3: r/HMAC-SHA256-128 is mandatory/HMAC-SHA256-128 is REQUIRED - just to make it match s5.2