Skip to main content

Last Call Review of draft-ietf-tram-turn-third-party-authz-08

Request Review of draft-ietf-tram-turn-third-party-authz
Requested revision No specific revision (document currently at 16)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-02-17
Requested 2015-01-22
Authors Tirumaleswar Reddy.K , Prashanth Patil , Ram R , Justin Uberti
I-D last updated 2015-02-05
Completed reviews Genart Last Call review of -08 by Christer Holmberg (diff)
Genart Telechat review of -11 by Christer Holmberg (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Opsdir Last Call review of -08 by Tom Taylor (diff)
Assignment Reviewer Christer Holmberg
State Completed
Review review-ietf-tram-turn-third-party-authz-08-genart-lc-holmberg-2015-02-05
Reviewed revision 08 (document currently at 16)
Result Ready with Nits
Completed 2015-02-05

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <>

Document:                         draft-ietf-tram-turn-third-party-authz-08.txt

Reviewer:                           Christer Holmberg

Review Date:                     5 February 2015

IETF LC End Date:             4 January 2015

IETF Telechat Date:         19 February 2015

Summary: The document is well written, and almost ready for publication.
However, I do have some editorial comments, which I request to authors to

Major Issues: None

Minor Issues: None

Editorial nits: See below



QGEN_1: The text says “OAuth”. Should it say “OAuth 2.0”?


Section 1:

Q1_1: The text says “OAuth”. Should it say “OAuth 2.0”?

Q1_2: Please add an OAuth reference on first occurrence.

Q1_3: I suggest to add a sentence, saying that the document also defines how to
use OAuth with the TURN extension.


Section 3:

Q3_1: The text says:

“In the future STUNbis [I-D.ietf-tram-stunbis] will support hash

agility and accomplish this agility by conveying the HMAC algorithms

supported by the STUN server along with a STUN error message to the


I suggest to remove “In the future STUNbis”.

Q3_2: The text says:

              “The STUN token is returned in JSON”

Should the text say “JSON format”, “JSON syntax”, or something similar?

Q3_3: Please add a reference to JSON on first occurence.

Q3_4: Where are the parameter names of the JSON message defined? Are the
parameter names identical to the ones listed in section 6.2? Figure 3 does show
an example, but there should be normative text.


Section 4:

Q4_1:    The section gives an example using a TURN server. But, before that
TURN has not been mentioned, and TURN usage is not described until section 9.

In addition, I don’t think the example even belongs in this section, which is
only about obtaining the access token. I suggest to move the example to section


Section 7:

Q7_1: I suggest to change the section name to “STUN Server Procedures”, or
something like that.


Section 8:

Q8_1: I suggest to change the section name to “STUN Client Procedures”, or
something like that.