Document: draft-ietf-hokey-reauth-ps-07.txt Reviewer: Miguel Garcia Review Date: 2008-02-06 IESG Telechat Date: 2008-02-07 Summary: The document is ready for publication as informational RFC. Comments: The document is well and clearly written. I have one comment biased by a personal opinion and a couple of nits. Treat this comments at your discretion and with the guidance of your AD. - My understanding is that RFC 2119 applies to standards track RFC. At least, this is the spirit when I read the document. Therefore, I don't find reasonable to use capital MUST, SHOULD, and MAY in a document that is trying to express requirements. Simply: RFC 2119 does not make much sense with requirement descriptions, in my opinion. In particular, the draft systematically capitalizes all the MUSTs, SHOULDs, and MAYs without considering if they make sense or not. Consider Sections 4 (Design Goals) and Section 5 (Security Goals). I think most of the capitalized words are not applicable. So, I would suggest that you do an iteration on the draft considering which text should be expressed with capital words, in the spirit of RFC 2119. Nits: - Section 1, second paragraph: In many common deployment scenario, an EAP peer and EAP server s/scenario/scenarios - Section 1, third paragraph: According to [RFC3748], after successful authentication, the server to transports the MSK to the authenticator. Remove the word: "to" - Section 4, last paragraph. You should add some references to CAPWAP and 802.11r, if they are available. - Section 6.3: The IETF CAPWAP Working Group [RFC3990] is developing a protocol I doubt RFC 3990 is a suitable reference for a working group. Perhaps the text can be rephrased as: The IETF CAPWAP Working Group is developing a protocol whose problem statement is specified in RFC 3990 [RFC3990].