Telechat Review of draft-ietf-tram-turn-third-party-authz-11
review-ietf-tram-turn-third-party-authz-11-genart-telechat-holmberg-2015-02-16-00

Request Review of draft-ietf-tram-turn-third-party-authz
Requested rev. no specific revision (document currently at 16)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-02-17
Requested 2015-02-04
Other Reviews Genart Last Call review of -08 by Christer Holmberg (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Opsdir Last Call review of -08 by Tom Taylor (diff)
Review State Completed
Reviewer Christer Holmberg
Review review-ietf-tram-turn-third-party-authz-11-genart-telechat-holmberg-2015-02-16
Posted at http://www.ietf.org/mail-archive/web/gen-art/current/msg11346.html
Reviewed rev. 11 (document currently at 16)
Review result Ready with Nits
Draft last updated 2015-02-16
Review completed: 2015-02-16

Review
review-ietf-tram-turn-third-party-authz-11-genart-telechat-holmberg-2015-02-16






I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>




 




Document:                         draft-ietf-tram-turn-third-party-authz-09.txt




 




Reviewer:                           Christer Holmberg




 




Review Date:                     13 February 2015




 




IETF LC End Date:             4 January 2015




 




IETF Telechat Date:         19 February 2015




 




Summary:        I see that there has been quite of bit of changes in the draft since the previously reviewed version (-08). However, most of my comments seem to have been addressed. But, I still have a few comments, most
 related to my comments on the previously reviewed version.               




 




Major Issues: None




 




Minor Issues: None




 




Editorial nits: See below




 




 




 




-------------




 




Section 1:




 




Q1_2: Please add an OAuth reference on first occurrence.




 




-------------




 




Section 4:




 




 




Q4_2:  The section gives examples for the key establishment. I think you should make it clear that, when you say that the mechanism to use is outside the scope of the document, also should say the draft does not mandate
 any given mechanism.




 




Something like:




 




        “The procedure for establishment of the symmetric key is outside the scope of this




        specification, and this specification does not mandate support of any given mechanism.





        Sections 4.1.2, 4.1.2 and 4.1.3 show examples of mechanisms that can be used.”




 




 




 




Section 4.1.2:




 




Q4-1-2_1: Please add a reference to JSON on first occurrence. I see that section 3 no longer mentions JSON.




 




Q4-1-2_2: I suggest to add a reference to [I-D.ietf-oauth-pop-key-distribution] also in this section, and indicate that it defines the format of the JSON message.




 




-------------




 




 




Regards,




 




Christer