[tram] Artart telechat review of draft-ietf-tram-stunbis-16

Peter Saint-Andre <stpeter@mozilla.com> Mon, 02 April 2018 22:59 UTC

Return-Path: <stpeter@mozilla.com>
X-Original-To: tram@ietf.org
Delivered-To: tram@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 35FF11252BA; Mon, 2 Apr 2018 15:59:45 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Peter Saint-Andre <stpeter@mozilla.com>
To: art@ietf.org
Cc: draft-ietf-tram-stunbis.all@ietf.org, ietf@ietf.org, tram@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.77.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152270998513.17947.16209089088681034529@ietfa.amsl.com>
Date: Mon, 02 Apr 2018 15:59:45 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/sAVcj2qhH5wRQHdTmjb5C325ZMY>
Subject: [tram] Artart telechat review of draft-ietf-tram-stunbis-16
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Apr 2018 22:59:45 -0000

Reviewer: Peter Saint-Andre
Review result: Ready with Nits

Section 1 states:

   Implementations and deployments of a STUN usage using TLS or DTLS
   should follow the recommendations in [RFC7525].

Wouldn't the security considerations be a better location for that text?

And given that this specification cites RFC 8174, I suggest changing
"should" to "SHOULD".

(I suggest that the authors review the usage of lowercase and uppercase
requirements keywords, because there might be inconsistencies, e.g., in
the first paragraphs of Section 6.1 and Section 6.2.)

In Section 4, please consider spelling out "SIP" on first use and
including a reference to RFC 3261.

The first paragaraph of Section 6.2.3 restates recommendations from RFC
7525; why not simply reference that specification?

Section 6.3.4 states:

   o  If the error code is 500 through 599, the client MAY resend the
      request; clients that do so MUST limit the number of times they do

It is reasonable to provide guidance as to the number of re-sends?

Section 9.1.1 and other sections invoke the OpaqueString profile of the
PRECIS FreeformClass; it might be helpful to mention that the profile is
used to handle Unicode characters outside the ASCII range, and that no
changes result if only ASCII characters are used.

In Section 14.2, please consider spelling out "ALG" on first use.

A reference to RFC 6151 seems appropriate regarding the fact that this
specification retains the use of MD5; in particular, the usage here is
actually HMAC-MD5, which is still sanctioned by RFC 6151.