Document: draft-zhou-emu-fast-gtc-03.txt
Reviewer: Suresh Krishnan [suresh.krishnan@ericsson.com]
Review Date:  27 June 2008
IETF LC date: 3 July 2008

Summary: This draft is almost ready for publication as informational RFC but I have a couple of comments.

Substantial
===========

* This method uses an ASCII null character '\0' to delimit the username and the password. Given that the username can be in the RFC4282 NAI format and the grammar allows for a '\0' to be part of the NAI, there needs to be some clarifying text on what happens if there are other '\0' 
characters in the response.

Minor
=====

* The draft does not specify what the client needs to do if the R flag is set to 0 in the error case. e.g. Some text like this (I do not know what the authors intended to do, so take this with a grain of salt) will make things much clearer.

"When the server sets this flag to '0' the peer should not prompt the 
user for new credentials to try again without restarting the EAP-FAST	 
  authentication from the beginning"