Dear all, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.   Summary: This document is almost ready for publication aiming for Standards Track.   This document defines two URI schemes to provision the TURN Resolution Mechanism.   This document defines TURN Server URI syntax. It considers UDP/TCP/TLS scenarios, facilitating applications like WEBRTC to use TURN Server to accomplish NAT Traversal.   Major issues: None   Minor issues:   1. The authors define the syntax for the turn/turns URI in ad hoc fashion, copying definitions from RFC 3986 rather than using RFC 3986 directly. The justification is that there is no need for hierarchy in the turn/turns URI.   In fact, hierarchy is introduced only within the path component described by RFC 3986. The turn/turns URI as defined in this document is achieved by use of the RFC 3986 form:   scheme ":" hier-part [ "?" query ] [ "#" fragment ]   with the following specific rules:     hier-part consists of the authority part and an empty path     userinfo and the succeeding '@' MUST be omitted from authority     the fragment portion is not present.   It is strongly recommended that this formulation be used, to bring the document into line with RFC 3986. Note that this implies adding double slash '//' after the scheme.   2. The Security Considerations section correctly makes reference to RFC 5928, but perhaps does not make it clear that RFC 5928 Section 5 is essential reading. Could I suggest:   "Security considerations for the resolution mechanism are discussed in Section 5 of [RFC5928]. Note that that section contains normative text defining authentication procedures to be followed by turn clients when TLS is used."     Thank you, Tina