Last Call Review of draft-ietf-behave-turn-uri-
review-ietf-behave-turn-uri-secdir-lc-schoenwaelder-2009-10-22-00

Request Review of draft-ietf-behave-turn-uri
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-10-29
Requested 2009-10-16
Draft last updated 2009-10-22
Completed reviews Secdir Last Call review of -?? by Jürgen Schönwälder
Assignment Reviewer Jürgen Schönwälder
State Completed
Review review-ietf-behave-turn-uri-secdir-lc-schoenwaelder-2009-10-22
Review completed: 2009-10-22

Review
review-ietf-behave-turn-uri-secdir-lc-schoenwaelder-2009-10-22

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document introduces the turn: and turns: URI schemes. The security
considerations point to the relevant documents, one of them being RFC
3958. Section 8 of RFC 3958 states that S-NAPTR application protocols
"should define some form of end-to-end authentication to ensure that
the correct destination has been reached." I think it would be useful
to spell out how TURN meets this or whether there are reasons why TURN
does not need such a sanity check. (1-2 sentences should be enough.)

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>