This document defines some additional RADIUS attributes for IEEE 802 authenticators acting as AAA clients, and also clarifies some EAP usages. Thus, it describes authentication and authorization requests that are supposedly local to a network. The security considerations are pretty massive, but they are covered in other RFCs reasonably well, and those are listed in the Security Considerations. If you buy into the normal use of RADIUS in IEEE 802 networks, this document doesn't present anything at all challenging. --Paul Hoffman