Reviewer: Melinda Shore Review result: Ready This document updates TLS-based EAP methods to use key derivation mechanisms from TLS 1.3, along with other TLS 1.3-required updates. It's clearly written and I believe could be implemented from. There are several very minor nits, which I actually don't think need to be addressed but are mentioned here in the interest of completeness. Section 3.1 is a very nice piece of work, as is the security considerations. 2.1 “The inclusion of the EAP type makes the derivation method specific.” “method-specific” or “specific to the method” might be clearer 2.2 “PAC” should probably be spelled out on its first use. Also EMSK and other initialisms “j’th inner methods” should be singular “In TLS 1.3, the derivation of IMCK[j] used both a different label” should be present tense (“uses”) 2.4 should probably use either MS-CHAP or MS-CHAPv1 consistently -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call