Sam, Your observation is brilliant. Yes, I agree, "EAP channel binding" and "EAP cryptographic binding" map to what my draft calls "end-point channel binding" and "unique channel binding," respectively. I had not noticed this before. Also, I think my draft's definition of "end-point channel bidning" needs to be tightened just a bit: not only must the end-point IDs be cryptographically bound into the channel, it must also be the case that the IDs meaningfully identify the channel end-points -- that is, that one nodes cannot assert the same ID as another without sharing credentials with it. I think my text implies this but does not make it sufficiently explicit. Nico -- _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf