I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.

This is effectively a one-byte change to RFC4402 to correct for the fact that the deployed implementations do not match the current spec. While it's open, there is also the addition of some sample data to assure the problem won't happen again (or at least if it does, the sample data will indicate the correct interpretation).

RFC4402 was already covering a detail of the Kerberos V5 design that probably should have been folded into another RFC rather than getting its own, so this change is truly covering a small detail (albeit one that affects interoperability of implementations).

Note that this spec defines a PRF function in what today would be considered a non-standard way. But the changed spec will reflect the state of the deployed base and there are no known cryptographic weaknesses in the algorithm specified here.

--Charlie