Last Call Review of draft-ietf-behave-turn-uri-
review-ietf-behave-turn-uri-secdir-lc-schoenwaelder-2009-10-22-00
| Request | Review of | draft-ietf-behave-turn-uri |
|---|---|---|
| Requested revision | No specific revision (document currently at 10) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2009-10-29 | |
| Requested | 2009-10-16 | |
| Authors | Marc Petit-Huguenin | |
| I-D last updated | 2009-10-22 | |
| Completed reviews |
Secdir Last Call review of -??
by Jürgen Schönwälder
Secdir Last Call review of -?? by Jürgen Schönwälder |
|
| Assignment | Reviewer | Jürgen Schönwälder |
| State | Completed | |
| Request | Last Call review on draft-ietf-behave-turn-uri by Security Area Directorate Assigned | |
| Completed | 2009-10-22 |
review-ietf-behave-turn-uri-secdir-lc-schoenwaelder-2009-10-22-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The document introduces the turn: and turns: URI schemes. The security considerations point to the relevant documents, one of them being RFC 3958. Section 8 of RFC 3958 states that S-NAPTR application protocols "should define some form of end-to-end authentication to ensure that the correct destination has been reached." I think it would be useful to spell how TURN meets this or whether there are reasons why TURN does not need such a sanity check. (1-2 sentences should be enough.) /js -- Juergen Schoenwaelder Jacobs University Bremen gGmbH Phone: +49 421 200 3587 Campus Ring 1, 28759 Bremen, Germany Fax: +49 421 200 3103 < http://www.jacobs-university.de/ >