> T1. I am a little concerned by the fact that the second paragraph of
> section 1.2 speaks in terms of 'compliance', 'unconditional compliance'
> and 'conditional compliance' with 'this specification' which is actually
> an Informational document. Is this really needed? We tend to avoid such
> strict language in IETF documents.

[BA] This language appears to be boilerplate in AAA requirements RFCs and BCPs (see RFC 2989 Section 1.1, RFC 4962 Section 1.1, etc.)

> T3. Also in section 4.2 I see the following:
>
>    In addition to the goals referred to above, [RFC4962] Section 2
>    describes additional security requirements, which translate into the
>    following requirements for RADIUS crypto-agility solutions:
>
> It may be my understanding but I could not find in section 2 of
> [RFC4962] the requirements that translate into 'strong, fresh, session
> key' and 'Limit key scope'. Can you explain to me what I am missing?

[BA] Looks like a typo -- should this refer to Section 3?