Telechat Review of draft-ietf-tram-turn-third-party-authz-11
review-ietf-tram-turn-third-party-authz-11-genart-telechat-holmberg-2015-02-16-00

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>



Document:                         draft-ietf-tram-turn-third-party-authz-09.txt



Reviewer:                           Christer Holmberg



Review Date:                     13 February 2015



IETF LC End Date:             4 January 2015



IETF Telechat Date:         19 February 2015



Summary:        I see that there has been quite of bit of changes in the draft
since the previously reviewed version (-08). However, most of my comments seem
to have been addressed. But, I still have a few comments, most
 related to my comments on the previously reviewed version.



Major Issues: None



Minor Issues: None



Editorial nits: See below







-------------



Section 1:



Q1_2: Please add an OAuth reference on first occurrence.



-------------



Section 4:





Q4_2:  The section gives examples for the key establishment. I think you should
make it clear that, when you say that the mechanism to use is outside the scope
of the document, also should say the draft does not mandate
 any given mechanism.



Something like:



        “The procedure for establishment of the symmetric key is outside the
        scope of this

        specification, and this specification does not mandate support of any
        given mechanism.

        Sections 4.1.2, 4.1.2 and 4.1.3 show examples of mechanisms that can be
        used.”







Section 4.1.2:



Q4-1-2_1: Please add a reference to JSON on first occurrence. I see that
section 3 no longer mentions JSON.



Q4-1-2_2: I suggest to add a reference to [I-D.ietf-oauth-pop-key-distribution]
also in this section, and indicate that it defines the format of the JSON
message.



-------------





Regards,



Christer