Last Call Review of draft-petithuguenin-behave-turn-uris-05
review-petithuguenin-behave-turn-uris-05-secdir-lc-tsou-2013-08-22-00
Request | Review of | draft-petithuguenin-behave-turn-uris |
---|---|---|
Requested revision | No specific revision (document currently at 08) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2013-08-16 | |
Requested | 2013-08-02 | |
Authors | Marc Petit-Huguenin, Suhas Nandakumar, Gonzalo Salgueiro, Paul Jones | |
I-D last updated | 2013-08-22 | |
Completed reviews | Secdir Telechat review of -07 by Tina Tsou (Ting ZOU); Secdir Last Call review of -05 by Tina Tsou (Ting ZOU); Genart Telechat review of -07 by Suresh Krishnan; Genart Last Call review of -05 by Suresh Krishnan | |
Assignment | Reviewer | Tina Tsou (Ting ZOU) |
State | Completed | |
Request | Last Call review on draft-petithuguenin-behave-turn-uris by Security Area Directorate Assigned | |
Reviewed revision | 05 (document currently at 08) | |
Result | Has nits | |
Completed | 2013-08-22 |
Dear all,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: This document is almost ready for publication aiming for Standards Track.

This document defines two URI schemes to provision the TURN Resolution Mechanism. This document defines TURN Server URI syntax. It considers UDP/TCP/TLS scenarios, facilitating applications like WEBRTC to use TURN Server to accomplish NAT Traversal.

Major issues: None

Minor issues:

1. The authors define the syntax for the turn/turns URI in ad hoc fashion, copying definitions from RFC 3986 rather than using RFC 3986 directly. The justification is that there is no need for hierarchy in the turn/turns URI. In fact, hierarchy is introduced only within the path component described by RFC 3986. The turn/turns URI as defined in this document is achieved by use of the RFC 3986 form:

    scheme ":" hier-part [ "?" query ] [ "#" fragment ]

with the following specific rules:

- hier-part consists of the authority part and an empty path
- userinfo and the succeeding '@' MUST be omitted from authority
- the fragment portion is not present.

It is strongly recommended that this formulation be used, to bring the document into line with RFC 3986. Note that this implies adding double slash '//' after the scheme.

2. The Security Considerations section correctly makes reference to RFC 5928, but perhaps does not make it clear that RFC 5928 Section 5 is essential reading. Could I suggest:

"Security considerations for the resolution mechanism are discussed in Section 5 of [RFC5928]. Note that that section contains normative text defining authentication procedures to be followed by turn clients when TLS is used."

Thank you,
Tina
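The RFC 3986 formulation suggested in minor issue 1 can be checked mechanically. The following Python sketch is an added example, not part of the review or of the draft; it enforces the three listed rules on top of the generic RFC 3986 split. The function name `check_turn_uri` and all sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

SCHEMES = {"turn", "turns"}

def check_turn_uri(uri):
    """Return a list of rule violations; an empty list means the URI conforms."""
    try:
        parts = urlsplit(uri)   # generic RFC 3986 split into five components
        _ = parts.port          # accessing .port raises ValueError on a bad port
    except ValueError as exc:
        return [f"unparseable: {exc}"]

    problems = []
    if parts.scheme not in SCHEMES:
        problems.append("scheme must be turn or turns")
    # Rule 1a: hier-part carries an authority, so '//' must follow the scheme.
    after_scheme = uri.partition(":")[2]
    if not after_scheme.startswith("//") or not parts.hostname:
        problems.append("authority missing")
    # Rule 2: userinfo and the succeeding '@' are omitted from authority.
    if "@" in parts.netloc:
        problems.append("userinfo not allowed")
    # Rule 1b: the path after the authority is empty.
    if parts.path:
        problems.append("path must be empty")
    # Rule 3: no fragment. Test the raw string so a bare trailing '#' is caught.
    if "#" in uri:
        problems.append("fragment not allowed")
    return problems

if __name__ == "__main__":
    # Constructed sample URIs, not taken from the draft.
    samples = [
        "turn://example.org:3478?transport=udp",
        "turns://[2001:db8::1]:5349",
        "turn:example.org:3478",            # no '//' after the scheme
        "turns://alice@example.org",        # userinfo present
        "turn://example.org/relay",         # non-empty path
        "turn://example.org#",              # empty fragment still counts
        "turn://example.org:99999",         # port out of range
    ]
    for s in samples:
        print(f"{s:42} -> {check_turn_uri(s) or 'ok'}")
```

Checking the raw string for '@' and '#' rather than relying on the parsed `username` and `fragment` fields matters because an empty userinfo or empty fragment parses to an empty string and would otherwise pass unnoticed.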