I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at   Document:                         draft-ietf-tram-turn-third-party-authz-09.txt   Reviewer:                           Christer Holmberg   Review Date:                     13 February 2015   IETF LC End Date:             4 January 2015   IETF Telechat Date:         19 February 2015   Summary:        I see that there has been quite of bit of changes in the draft since the previously reviewed version (-08). However, most of my comments seem to have been addressed. But, I still have a few comments, most related to my comments on the previously reviewed version.                 Major Issues: None   Minor Issues: None   Editorial nits: See below       -------------   Section 1:   Q1_2: Please add an OAuth reference on first occurrence.   -------------   Section 4:     Q4_2:  The section gives examples for the key establishment. I think you should make it clear that, when you say that the mechanism to use is outside the scope of the document, also should say the draft does not mandate any given mechanism.   Something like:           “The procedure for establishment of the symmetric key is outside the scope of this         specification, and this specification does not mandate support of any given mechanism.         Sections 4.1.2, 4.1.2 and 4.1.3 show examples of mechanisms that can be used.”       Section 4.1.2:   Q4-1-2_1: Please add a reference to JSON on first occurrence. I see that section 3 no longer mentions JSON.   Q4-1-2_2: I suggest to add a reference to [I-D.ietf-oauth-pop-key-distribution] also in this section, and indicate that it defines the format of the JSON message.   -------------     Regards,   Christer