I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.




This draft specifies an HMAC key derivation function that is divided into two steps: an extract step to get a fixed length pseudo-random key from some inputs and an expand step which expands this pseudo-random key into the desired output keying material.




It appears to be simple, useful, and, to my very limited cryptographic judgement, secure.

Editorial:

Section 2.1, page 3, "has always" -> "always has"




Thanks,

Donald

=============================

 Donald E. Eastlake 3rd   +1-508-634-2066 (home)

 155 Beaver Street

 Milford, MA 01757 USA

 

d3e3e3 at gmail.com