On Thu, Jul 31, 2014 at 09:24:33PM +0100, t.p. wrote: > But on key management, I am not sure I agree with you. Yes, ECDHE > is a part of key management, but I would not think it on its own as > being key management; or put differently, you either have key > management or you do not, so 'authenticated key management' > seems to me .. well, not real. I look in vain for it in RFC2401 > or RFC2828. One tends to distinguish between key management and key agreement. I've not previously seen ephemeral key agreement described as key management. I don't think there is substantive ambiguity with respect to the meaning of key management in the draft. -- Viktor.