Traversal Using Relays around NAT (TURN) Extension for IPv6
draft-ietf-behave-turn-ipv6-11

[Ballot comment]
My earlier COMMENT had a typo - for correctness (although my on-line dictionary says "alternate" is usable as well as "alternative" in American usage in this case), s/Alternate behavior:/Alternative behavior/ throughout.

[Ballot comment]
My earlier COMMENT had a typo - for correctness (although my on-line dictionary say "alternate" is usable as well as "alternative" in American usage in this case), s/Alternate behavior:/Alternative behavior/ throughout.

[Ballot comment]
For correctness (although my on-line dictionary say "alternate" is usable as well as "alternative" in American usage in this case), s/Alternate behavior:/Alternative behavior/ throughout.

[Ballot discuss]
(Discuss updated to reflect version -10)

This indented note from Section 8 is still problematic:

      Note that the use of the behaviors specified in the following
      sections is at the "should" level.  Having its use at the "should"
      level instead of at the "must" level makes it possible to use
      different translation algorithms that may be developed in the
      future.

Given the changes made in the paragraph immediately above that note, this paragraph does not makes sense. (And again, if any algorithms are developed in the future, their specification can update this one allowing their use at that time).

I suggest deleting this note.

[Ballot discuss]
From the point of view of an uneducated reader; probably easy to clear:

Why does this document not simply refer to draft-ietf-behave-v6v4-xlate for all v6/v4 translations?  For example, in section 8.1, why is the TOS->Traffic Class translation from section 3.1 of draft-ietf-behave-v6v4-xlate not mentioned?

Why does this document not include ICMP translations?

[Ballot comment]
From Ari Keranen's review:

1. Introduction

    symmetric NATs that wish to be on the receiving end of a connection
    to a single peer.

Would help to have a reference to definition of symmetric NATs and
perhaps rather use the more up-to-date terminology of RFC4787 (endpoint
dependent filtering/mapping).


3. Overview of Operation

    Assuming the request is authenticated, the TURN server allocates a
    transport address of the type indicated in the REQUESTED-ADDRESS-
    FAMILY attribute.  This address is called the allocated transport
    address.

Could make sense to use the same terminology as TURN RFC: "Relayed
Transport Address" instead of "allocated transport address". Same issue
throughout the draft.


4.2. Receiving an Allocate Request

    If the server can successfully process the request, it allocates a
    transport address to the TURN client, called the allocated transport
    address, and returns it in the response to the Allocate Request.

s/to the TURN client/for the TURN client/ ?
(same issue a bit later in the section)


    As specified in [I-D.ietf-behave-turn], the Allocate Response
    contains the same transaction ID contained in the Allocate Request
    and the XOR-RELAYED-ADDRESS attribute that sets it to the allocated
    transport address.

The part "that sets it to the [...]" sounds a bit strange. Is there a
word missing?


5.1. Sending a Refresh Request

    To perform a binding refresh, the client generates a Refresh Request
    as described in Section 7.1 of [I-D.ietf-behave-turn].

Should this say "allocation refresh" instead of "binding refresh"?

[Ballot comment]
Section 8., paragraph 4:
>    The descriptions below have two parts: a preferred behavior and an
>    alternate behavior.  The server SHOULD implement the preferred
>    behavior.  However, if that is not possible for a particular field,
>    then the server SHOULD implement the alternative behavior.

  This would be better phrased as "SHOULD do preferred, MUST do
  alternative otherwise, MUST NOT do anything else."

[Ballot discuss]
The motivation for using SHOULD in section 8 (Packet Translations) is not compelling. As different translation algorithms are developed in the future, their specification can update this one. Such an update even seems necessary since the document is already setting up a preferred order and new algorithms would need to be placed in that ordering.

Is there another reason you are trying to use SHOULD here?

[Ballot discuss]
This is a placeholder DISCUSS.

Incorporate changes agreed during secdir review.

Further, Richard later pointed out an attack and some words to address it for section 9:

It is RECOMMENDED that TURN relays not accept allocation or channel binding requests from addresses known to be tunneled, and that they not forward data to such addresses.  In particular, a TURN relay MUST NOT accept Teredo or 6to4 addresses in these requests.

[Ballot discuss]
This is a placeholder DISCUSS.

Incorporate changes agreed during secdir review.

Further, Richard pointed out an attack and some words to address it for section 9:

It is RECOMMENDED that TURN relays not accept allocation or channel binding requests from addresses known to be tunneled, and that they not forward data to such addresses.  In particular, a TURN relay MUST NOT accept Teredo or 6to4 addresses in these requests.

[Ballot comment]
Based on earlier email between the secdir reviewer and one of the authors, I was expecting to
see a new version addressing the following agreed issues (lines beginning with ">" are the
reviewer, other text is the author's)

S.3, Paragraph "Assuming the request..."
> The server doesn't "assume" that the request is authenticated.  Suggest
> rephrasing as "After the request has been successfully authenticated, ..."

Agreed, fixed.

> S4.2, First paragraph
> As above, suggest rephrasing as "Once a server has verified that the
> request is authenticated and has not been tampered with, ..."

Agreed, fixed.

> S4.3
> Why is this a SHOULD NOT and not a MUST NOT?  What's the exceptional case?

I have no idea. I'll change it to a MUST NOT unless I receive more info
from my co-authors.

IANA comments:

IANA has reviewed draft-ietf-behave-turn-ipv6-09.txt, which is
currently in Last Call, and has the following comments:

Upon approval of this document, the IANA will complete the following
actions.

QUESTION: section 10 requests assignment in the "STUN Response Code
Registry". No such registry exists. Please confirm that the "STUN Error
Codes" registry is the intended registry.


ACTION 1:

make the following assignment in the "STUN Attributes" registry at
http://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml

Value Name Reference
------ ------------------------ --------------
0x0017 REQUESTED-ADDRESS-FAMILY [RFC-behave-turn-ipv6-09]


ACTION 2:

make the following assignments in the "STUN Error Codes" registry at
http://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml

Value Name Reference
----- ---------------------------- --------------
440 Address Family not Supported [RFC-behave-turn-ipv6-09]
443 Peer Address Family Mismatch [RFC-behave-turn-ipv6-09]

  (1.a)  Who is the Document Shepherd for this document?

draft-ietf-behave-turn-ipv6-08
Dan Wing, dwing@cisco.com

          Has the
          Document Shepherd personally reviewed this version of the
          document and, in particular, does he or she believe this
          version is ready for forwarding to the IESG for publication?

Yes.


  (1.b)  Has the document had adequate review both from key WG members
          and from key non-WG members?  Does the Document Shepherd have
          any concerns about the depth or breadth of the reviews that
          have been performed?

This document has received significant review from the community.


  (1.c)  Does the Document Shepherd have concerns that the document
          needs more review from a particular or broader perspective,
          e.g., security, operational complexity, someone familiar with
          AAA, internationalization, or XML?

No concerns.


  (1.d)  Does the Document Shepherd have any specific concerns or
          issues with this document that the Responsible Area Director
          and/or the IESG should be aware of?  For example, perhaps he
          or she is uncomfortable with certain parts of the document, or
          has concerns whether there really is a need for it.  In any
          event, if the WG has discussed those issues and has indicated
          that it still wishes to advance the document, detail those
          concerns here.

No concerns.


          Has an IPR disclosure related to this document
          been filed?  If so, please include a reference to the
          disclosure and summarize the WG discussion and conclusion on
          this issue.

None.


  (1.e)  How solid is the WG consensus behind this document?

Fairly solid.

          Does it
          represent the strong concurrence of a few individuals, with
          others being silent, or does the WG as a whole understand and
          agree with it?

The WG has a good understanding of, and agreement with, this document.


  (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
          discontent?  If so, please summarize the areas of conflict in
          separate email messages to the Responsible Area Director.  (It
          should be in a separate email because this questionnaire is
          entered into the ID Tracker.)

No such threats or appeals.


  (1.g)  Has the Document Shepherd personally verified that the
          document satisfies all ID nits?  (See
          http://www.ietf.org/ID-Checklist.html and
          http://tools.ietf.org/tools/idnits/.)


Yes.

          Boilerplate checks are
          not enough; this check needs to be thorough.  Has the document
          met all formal review criteria it needs to, such as the MIB
          Doctor, media type, and URI type reviews? 

The document does not specify a MIB, media type, or URI, and thus
does not need to meet those review criteria.

          If the document
          does not already indicate its intended status at the top of
          the first page, please indicate the intended status here.

Intended Status:  Standards Track


  (1.h)  Has the document split its references into normative and
          informative?

Yes.

          Are there normative references to documents that
          are not ready for advancement or are otherwise in an unclear
          state?  If such normative references exist, what is the
          strategy for their completion?  Are there normative references
          that are downward references, as described in [RFC3967]?  If
          so, list these downward references to support the Area
          Director in the Last Call procedure for them [RFC3967].

All normative references are upward references, and all are RFCs.


  (1.i)  Has the Document Shepherd verified that the document's IANA
          Considerations section exists and is consistent with the body
          of the document?

Yes.

          If the document specifies protocol
          extensions, are reservations requested in appropriate IANA
          registries?

Yes.

          Are the IANA registries clearly identified?

Yes.

          If
          the document creates a new registry, does it define the
          proposed initial contents of the registry and an allocation
          procedure for future registrations?

The document does not create a new IANA registry.

          Does it suggest a
          reasonable name for the new registry?  See [RFC2434].  If the
          document describes an Expert Review process, has the Document
          Shepherd conferred with the Responsible Area Director so that
          the IESG can appoint the needed Expert during IESG Evaluation?

  (1.j)  Has the Document Shepherd verified that sections of the
          document that are written in a formal language, such as XML
          code, BNF rules, MIB definitions, etc., validate correctly in
          an automated checker?

The document contains no such formal language.


  (1.k)  The IESG approval announcement includes a Document
          Announcement Write-Up.  Please provide such a Document
          Announcement Write-Up.  Recent examples can be found in the
          "Action" announcements for approved documents.  The approval
          announcement contains the following sections:

          Technical Summary
            Relevant content can frequently be found in the abstract
            and/or introduction of the document.  If not, this may be
            an indication that there are deficiencies in the abstract
            or introduction.


This specification extends TURN (I-D.ietf-behave-turn) to support IPv6
communications to the remote peer.  TURN-IPv6 was designed to be used
as part of the ICE (Interactive Connectivity Establishment) approach
to NAT traversal, though it can be also used without ICE.


          Working Group Summary
            Was there anything in the WG process that is worth noting?
            For example, was there controversy about particular points
            or were there decisions where the consensus was
            particularly rough?

No.

          Document Quality
            Are there existing implementations of the protocol?

Yes.

            Have a
            significant number of vendors indicated their plan to
            implement the specification?

Yes.

            Are there any reviewers that
            merit special mention as having done a thorough review,
            e.g., one that resulted in important changes or a
            conclusion that the document had no substantive issues?

They are listed in the document's acknowledgement section


            If
            there was a MIB Doctor, Media Type, or other Expert Review,
            what was its course (briefly)?  In the case of a Media Type
            Review, on what date was the request posted?

No such reviews were necessary.


          Personnel
            Who is the Document Shepherd for this document?

Dan Wing, dwing@cisco.com

            Who is the
            Responsible Area Director?

Magnus Westerlund, magnus.westerlund@ericsson.com


            If the document requires IANA
            experts(s), insert 'The IANA Expert(s) for the registries
            in this document are .'


The document doesn't require IANA experts.



  The Document Shepherd MUST send the Document Shepherd Write-Up to the
  Responsible Area Director and iesg-secretary@ietf.org together with
  the request to publish the document.  The Document Shepherd SHOULD
  also send the entire Document Shepherd Write-Up to the working group
  mailing list.  If the Document Shepherd feels that information which
  may prove to be sensitive, may lead to possible appeals, or is
  personal needs to be written up, it SHOULD be sent in direct email to
  the Responsible Area Director, because the Document Shepherd Write-Up
  is published openly in the ID Tracker.  Question (1.f) of the
  Write-Up covers any material of this nature and specifies this more
  confidential handling.