[secdir] secdir review of: draft-ietf-behave-turn-tcp-06

"Patrick Cain" <pcain@coopercain.com> Mon, 29 March 2010 21:16 UTC

Return-Path: <pcain@coopercain.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DEEA13A6975; Mon, 29 Mar 2010 14:16:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.869
X-Spam-Level:
X-Spam-Status: No, score=-0.869 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, GB_I_LETTER=-2]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r99H1h98NlHr; Mon, 29 Mar 2010 14:16:44 -0700 (PDT)
Received: from server1.acmehacking.com (server1.acmehacking.com [72.51.39.79]) by core3.amsl.com (Postfix) with ESMTP id A50D93A694E; Mon, 29 Mar 2010 14:16:44 -0700 (PDT)
Received: from familyroom (phoneroom10.bc.edu [136.167.27.76]) (authenticated bits=0) by server1.acmehacking.com (8.14.3/8.13.8) with ESMTP id o2TLH5VJ024661 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 29 Mar 2010 16:17:11 -0500
Received: from familyroom by familyroom (PGP Universal service); Mon, 29 Mar 2010 17:17:12 -0500
X-PGP-Universal: processed; by familyroom on Mon, 29 Mar 2010 17:17:12 -0500
From: "Patrick Cain" <pcain@coopercain.com>
To: <secdir@ietf.org>, <draft-ietf-behave-turn-tcp.all@tools.ietf.org>
Date: Mon, 29 Mar 2010 17:17:05 -0400
Message-ID: <017001cacf85$327ccc40$977664c0$@com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcrPhR7+0oqLAfTnQw2+aOdEigah5Q==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Language: en-us
Cc: iesg@ietf.org
Subject: [secdir] secdir review of: draft-ietf-behave-turn-tcp-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Mar 2010 21:16:48 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

   The document defines an extension of Traversal Using Relays
   around NAT (TURN), a relay protocol for NAT traversal, to allow a
   TURN client to request TCP allocations, and defines new requests and
   indications for the TURN server to open and accept TCP connections
   with the client's peers.

After reading the other four-letter protocol specs (TURN, STUN) I have no 
problems with this document. The new features do not raise any security 
concerns that are not already addressed in the base TURN documents.

Pat Cain