
Last Call Review of draft-harkins-emu-eap-pwd-
review-harkins-emu-eap-pwd-secdir-lc-schoenwaelder-2009-08-03-00

Request Review of draft-harkins-emu-eap-pwd
Requested revision No specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-08-06
Requested 2009-07-18
Authors Glen Zorn , Dan Harkins
I-D last updated 2009-08-03
Completed reviews Secdir Last Call review of -?? by Jürgen Schönwälder
Secdir Telechat review of -?? by Jürgen Schönwälder
Assignment Reviewer Jürgen Schönwälder
State Completed
Request Last Call review on draft-harkins-emu-eap-pwd by Security Area Directorate Assigned
Completed 2009-08-03
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The draft defines an EAP authentication method using a password.  Not
being a cryptography expert, I reviewed the document from the
perspective of an informed outsider but I did not try to verify
whether the cryptographic claims are all correct. That said, I found
the document well written and the security discussion convincing.

Editorial nits:

a) On page 6, you use the acronym PRF and it will help readability if
   you spell it out here since it has not been introduced yet:

   s/and a PRF/and a pseudo-random function PRF/

b) In figure 1, you could replace

                  res = PRF(key, i | label | L)
                  K(1) = res
   with
                  K(1) = PRF(key, i | label | L)
                  res = K(1)

   since this makes the assignments before the loop and in the loop
   body symmetric and thus perhaps things easier to read.

c) There are two places where IANA assigned values need to be filled
   into the text; perhaps add more explicit RFC editor instructions so
   the editor knows what to fill in for 'TBD1'.

d) s/DIffie-/Diffie-/

e) You may want to complete reference [BMP00] - the proceedings were
   published by Springer-Verlag in LNCS 1807.

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>