On Wednesday 05 December 2007 08:07, Charles Lindsey wrote:
On Tue, 04 Dec 2007 18:10:37 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
Charles Lindsey wrote:
But it has no business whatsoever making normative statements about
what verifiers are to do, so wording of the form "Verifiers MUST" is
quite out pf place - that is BCP material.
Somehow, we need to tell verifiers what they need to do in order to
implement this specification. Nobody is saying that verifiers MUST
implement SSP at all, but rather that if they want to implement SSP,
this is how they MUST do it. Of course, verifiers are free to implement
some other SSP-like thing, even one that acts on SSP records, but I feel
we need to provide some precision in the thing we're calling SSP.
Then do not use "MUST" language when speaking of verifiers. Or,
alternatively, include wording of the form:
"This document describes processes for what verifiers are expected to do
in order to achieve what the signers intend.
But these descriptions are not Normative since there is no compulsion on
verifiers to follow those processes exactly as described, or even at all.
Therefore, use of the terms "MUST" and "SHOULD" in these descriptions
merely indicate the steps verifiers need to take if they want to claim
adherence to the particular set of processes described here."
That essentially modifies the interpretations given in RFC 2119 (and 2119
already implies that such modifications are appropriate in non-normative
contexts).
There may be better ways to express all this.
How would doing this work change what verifiers do after the RFC is deployed?
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html