In numerous places the development and deployment guide makes use of RFC
2119 language that is vague in its meaning. For example:
In particular, great care MUST be taken when
releasing memory pages to the operating system to ensure that private
key information is not disclosed to other processes.
This actually tells the implementor very little. My recommendation
would be to change to "must".
Channeling Dave here, 2119 language is case independent, i.e., must
and MUST mean the same thing, and the capitalization just calls it
out. In the current -ssp draft I looked for places that used 2119
words and either capitalized them if they were giving advice on making
implementations interoperate, or rewrote them to use other words if
not.
Lots of existing BCPs include 2119 normative language, so that
argument appears already to have been decided, but I agree they're
overused here.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html