Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I haven't been following HOKEY at all, so the comments are basically from an innocent bystander who knows as much about EAP as needed to type the password for WiFi in the 802.1x (and is a user of the eduroam network).

The HOKEY architectural document seems to be clearly written and can be understood even by me. It introduces neither any new protocol nor security issues and is just a summary of existing standards or I-Ds, so there are no security concerns in this particular document.

Some security concerns are referenced to other RFCs (Section 7), but they are just #includes from other documents and not something new introduced by this document.

One minor nit:

- You suddenly start to use rRK and DSrRK in the tables (4 and 5) in section 5. It would help readability to explain somewhere what these abbreviations mean.

O.
--
Ondřej Surý
Head of R&D department
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------