Detailed comments 1 Rating Technical quality 4: Contents are mostly correct. Some improvement suggested below. Originality 4: Contains some new ideas, but can be developed as described below; good analysis of current state Editorial quality 5: Clear, understandable and easy to read Overall grade 4: Very good Confidense: 2: I have some general knowledge of this subject 2a. Technical quality The paper gives a good survey of the current state in ID-based authentication and key establishment. Also, it sketches a novel or at least a better formalized ID-based symmetric key AKE protocol that has 4 variants. Four use cases are the main contribution of this paper: an SMS based authentication service for Internet based services, authentication of push messages, an addition to TLS pre-shared key cipher suites, and an adaptation for Internet packet level authentication with DNS. The first two cases work in the telecommunications world and are probably of interest to the telecom industry, and the latter two are meant for Internet. The use cases are insightful and well founded. - Section II: "IBC is controversial..." explain why it is controversial, what are the weaknesses? -A description of a ID-based (public) key establishment is definitely needed in Section II, before going to ID binding with symmetric keys. -"Kerberos is not using key derivation, but is in effect closely related to channel binding mechanisms with symmetric keys." Explanation? What is the relation except that Kerberos is also a key distribution protocol? - Security analysis is left for further study, but it is essential to justify the security of the scheme somehow. Now that a description of binding ID:s to public keys also missing, it is not possible (from this paper) to derive the security this scheme from the public key case either. (Suggested improvement: write the description for the public key case and try to link the security of the symmetric case to it. A thorough security analysis of the protocol may be too troublesome for now.) 2b. Originality In reference [Sihuang] identity is bound to keys, as Section II suggests. Judging from the slides (the paper was not available) the idea seems somewhat similar, but this paper formalises the protocol better. The crucial question in ID-based symmetric key is who's identity will be bound to the key and how does the other party get know this secret key while it is still hidden from outsiders. This paper answers the question, by having a trusted authority (TA) for providing the key for the communicating parties. ID-binding brings the advantage that only one of the parties needs to contact the TA, either the sender or the receiver. However, there is also a variant that uses both. 2c. Editorial quality The paper is easy to read and understand, even if the explanation of ID-based AKE is a bit too high-level and compact. Some minor errors: -Numbering in Section two: 1) Applications B. Implicit AKE with Key Derivation. This is confusing, I guess B also contains applications. A is missing? -Subsection IIB. "IBC is using asymmetric key cryptography based on elliptic curves and pairings". IBC is a more general term than that. I think this is an editorial mistake, the author possibly meant to write something else. -Figure 4 is without reference and explanation.