[secdir] Secdir review of draft-ietf-tram-turn-mobility-03

"Waltermire, David A. (Fed)" <david.waltermire@nist.gov> Mon, 08 August 2016 16:56 UTC

From: "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>
To: "secdir@ietf.org" <secdir@ietf.org>, "'iesg@ietf.org'" <iesg@ietf.org>, "draft-ietf-tram-turn-mobility.all@ietf.org" <draft-ietf-tram-turn-mobility.all@ietf.org>
Date: Mon, 08 Aug 2016 16:55:59 +0000
Subject: [secdir] Secdir review of draft-ietf-tram-turn-mobility-03
Message-ID: <MWHPR09MB14407DC07A9F24514A49754AF01B0@MWHPR09MB1440.namprd09.prod.outlook.com>
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/1uWuQHDEaS-3HwPwbQBlL-3F_VE>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

Summary: ready with nits.

This standards track draft describes a mechanism for a Traversal Using Relays around NAT (TURN) client to re-associate with a TURN server after the client's IP address and/or port changes, allowing previous allocations to be kept. This helps to support IP address mobility in a way that is transparent and seamless to remote peers.

I found that the draft clearly articulates the problem it is trying to solve. The security considerations seem to be appropriate for the draft.

The following are minor nits and editorial issues with the draft that would be good to address before progressing the draft:

In section 1, second paragraph, STUN should be spelled out on its first use and an informative reference to RFC 7635 should be included.

In section 2, there is an extra space s/[RFC5245] , and the/[RFC5245], and the/. Similar issues exist throughout the document which also need to be fixed.

The phrase "TBD (Mobility Forbidden)" is used in section 3.1.4 and in other parts of the document as a placeholder for the 405 Mobility Forbidden STUN Error Code requested in the IANA considerations. While the actions to be taken by IANA are clear, the TBD placeholders should be filled in with what is expected to be assigned by IANA before the draft progresses.

Regards,
Dave Waltermire