Telechat Review of draft-ietf-tram-turn-third-party-authz-11

Request Review of draft-ietf-tram-turn-third-party-authz
Requested rev. no specific revision (document currently at 16)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-02-17
Requested 2015-02-04
Authors Tirumaleswar Reddy.K, Prashanth Patil, Ram R, Justin Uberti
Draft last updated 2015-02-16
Completed reviews Genart Last Call review of -08 by Christer Holmberg (diff)
Genart Telechat review of -11 by Christer Holmberg (diff)
Secdir Last Call review of -07 by Yaron Sheffer (diff)
Opsdir Last Call review of -08 by Tom Taylor (diff)
Assignment Reviewer Christer Holmberg
State Completed
Review review-ietf-tram-turn-third-party-authz-11-genart-telechat-holmberg-2015-02-16
Reviewed rev. 11 (document currently at 16)
Review result Ready with Nits
Review completed: 2015-02-16


I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <>


Document:                         draft-ietf-tram-turn-third-party-authz-09.txt


Reviewer:                           Christer Holmberg


Review Date:                     13 February 2015


IETF LC End Date:             4 January 2015


IETF Telechat Date:         19 February 2015


Summary:        I see that there has been quite of bit of changes in the draft since the previously reviewed version (-08). However, most of my comments seem to have been addressed. But, I still have a few comments, most
 related to my comments on the previously reviewed version.               


Major Issues: None


Minor Issues: None


Editorial nits: See below






Section 1:


Q1_2: Please add an OAuth reference on first occurrence.




Section 4:



Q4_2:  The section gives examples for the key establishment. I think you should make it clear that, when you say that the mechanism to use is outside the scope of the document, also should say the draft does not mandate
 any given mechanism.


Something like:


        “The procedure for establishment of the symmetric key is outside the scope of this

        specification, and this specification does not mandate support of any given mechanism.

        Sections 4.1.2, 4.1.2 and 4.1.3 show examples of mechanisms that can be used.”




Section 4.1.2:


Q4-1-2_1: Please add a reference to JSON on first occurrence. I see that section 3 no longer mentions JSON.


Q4-1-2_2: I suggest to add a reference to [I-D.ietf-oauth-pop-key-distribution] also in this section, and indicate that it defines the format of the JSON message.