I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document is ready with nits. The purpose of this document is to update the TLS method of EAP to accommodate the changes to TLS in 1.3: in this, it appears to be complete and to have been thoroughly vetted. I have two nits and a high-level suggestion: * The introduction at one point says "Privacy is mandatory". Later in the document it becomes clear what is meant by this, but at this point in the document "privacy" is somewhat of a Rorschach test. It clearly doesn't mean that repeated EAP requests from the same IP will be unlinkable, for instance. What appears to be meant here is that encryption of the client certificate prevents linkability via passive surveillance. Say that instead. * Expand NAI into "Network Access Identifiers", with the appropriate informative reference, at its first use, not halfway through the document. * My high-level suggestion for this document is to be forward-looking in how you specify the relationship of EAP to TLS. Expect there to be a TLS 1.4 (or 2.0) and beyond, and specify this protocol using standardized TLS interfaces only, with the rest of the protocol (including the specific handshake messages) treated as a black box. This may or may not have been possible in the pre-TLS 1.3 era, but it is certainly possible to do so now. At best, no normative changes will be required; at worst, the size of the update to the EAP RFC will be minimized.