General: You have quite successfully managed to extract the essential features of key management architectures and key hierarchies from two central MAC layer security standards. Also the level of abstraction is suitable for the purposes of this paper. You must have noticed the similarities of the functional properties between the two standards. On the other hand, there is an essential difference due to the fact that the WLAN standard is very AP-centric while the UWB is more similar to the WLAN IBSS. A minor technical difference is that in UWB the multicast key (GTK) is not created in the 4-way handshake but sent afterwards in a secure frame secured using the PTK. However, WLAN's GroupKey Handshake, a recent addition to WLAN security, does about the same thing, doesn't it? I was missing this kind of discussion about similarities between the two standards. It would have been possible to describe both standards within the same model, but it can be left for the future work. So far there are not many examples of higher layer procedures for establishment of long-term pairwise keys. We have WUSB AM, Bluetooth Simple Pairing and Microsoft's Connect Now-NET. There are no standards for establishment of long-term group keys. But taking it as a fact that such standards are coming up, the speculations presented in Section 4 about the pros and cons of having the PMK replaced by a group key are intresting. There is certainly room for carrying these speculations even further. Detailed comments (technical and editorial): 1. The transient keys are used not only to encrypt but also to protect the integrity of data. The data is sent in frames and when secured using cryptographic methods a frame is called a "secure frame". I suggest to use this terminology: - sending secure frames (the sender encrypts and integrity-protects the frame) - receiving secure frames (the reciever decrypts and checks the integrity) 2. Delete the first sentence of paragraph 4, Section 1 3. Page 1, col2, last line: Are the security associations long-term or short-term? 4. Page 2, Fig 1: Since this is a paper about keys, it would make sense to tell what keys are used and where in the 4-way handshake. 5. What is the purpose of the 4th message of UWB 4-way handshake? Compare to WLAN. 6. Page 2, end of Section 2.1. KCK is much more short-lived than PTK. PTK continues to be used also after the handshake. 7. Page 2, Section 2.2, line 6: "encrypt multicast data" replace by: "multicast secure frames" (Follow this example also elsewhere to improve wording.) 8. Section 3. Is there some key management architecture for ESS? How GTKs are used there? 9. Section 3, page 3, colum 2, lines 2-4: either delete or formulate properly. (It is about SMK Handshake which is a new feature.) 10. Section 4, paragraph 4: Wasn't the method of [DB06] broken? Then it cannot be recommended as an example. Instead you could mention the Wong and Stajano protocol. 11. Conclusion, paragraph 1, line 3: ... to derive session keys from a pre-established shared secret long-term key. * * * * *