On Thursday, March 30, 2006 06:00:36 PM +0200 Simon Josefsson
<jas(_at_)extundo(_dot_)com> wrote:
http://www.ietf.org/internet-drafts/draft-santesson-tls-ume-04.txt says:
This document does not specify how the server stores the
user_principal_name, or how exactly it might be used to locate a
certificate. For instance, it might be appropriate to do a case-
insensitive lookup. It is RECOMMENDED that the server processes the
user_principal_name with a stringprep profile [N7] appropriate for
the identity in question, such as Nameprep [N8] for the portion
domain portion of UPN, SASLprep [N9] for the user portion of the UPN
and stringprep appendix B.3 [N7] as mapping table for case folding.
Given that the first and second sentence make it clear that the use of
StringPrep is not required, I suggest using MAY instead of RECOMMENDED
in the third sentence. RECOMMENDED is the same as SHOULD according to
RFC 2119, and is a fairly strong recommendation. Its use seem
misplaced here.
Right. RECOMMENDED does not mean "we think this is a good idea". It means
something more like "you have to do this or have a good reason not to".
It may be better to avoid RFC 2119 language completely here, because
the entire paragraph is merely an example of what you can do.
Agree. RFC2119 language has no place in a "for instance".
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf