I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document: draft-ietf-ace-wg-coap-eap-09
Reviewer: Deb Cooley
Review Date: 2024-01-23

The summary of the review is 'Has Nits'.

0.  All of my early review comments have been addressed.  TY

1.  Section 5.1, last paragraph:  The MSK can be assumed to be 'fresh key material', but do all EAP methods yield 'strong cryptographic key' by Section 3.3 of RFC 5869?  If some EAP methods do not yield strong keys, then either the KDF Extract should be used, or those methods should not be allowed.  (I did not look this up, so telling me that you all checked is a fine answer)

2.  Section 5.2:  It would be useful to have an actual example of the info part of the KDF. How is CS constructed - spaces, commas? Are there spaces between CS and the string?