Hi, This is regarding seed label which is used in PRF(Pseudo random function) to derive session keys. PEAPv0: https://tools.ietf.org/html/draft-kamath-pppext-peapv0-00 - I don't see any mention of label but look like it uses *client EAP encryption ? *Any official draft or RFC mentioned PEAPv0 uses this label ? PEAPv1: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-05 *client PEAP encryption* PEAPv2: https://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-10 *client EAP encryption* So on the *client *side the code should be something like if(PEAP_version ==1) label is *client PEAP encryption* otherwise // For version 0 and 2 label is *client PEAP encryption* This look OK? Why PEAPv2 uses old label ?