As I was reading this document, I realized that I didn't understand what it was for. As I understand it, this document embeds IKEv2 into EAP. Why is this a good idea? As I understand the situation, EAP already supports a TLS-based authentication mechanism, which allows it to do both public-key based and asymmetric-key based authentication. So, what is IKEv2 bringing to the party here? Obviously, there are things IKEv2 is good for that TLS is not, but it's not clear to me that EAP is using any of that functionality. It seems to me that this document would be improved by a discussion up front of why it is desirable. -Ekr _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf