
Re: Last Call: 'TLS User Mapping Extension' to Proposed Standard

2006-04-04 11:26:39


On Thursday, March 30, 2006 06:00:36 PM +0200 Simon Josefsson <jas(_at_)extundo(_dot_)com> wrote:

> http://www.ietf.org/internet-drafts/draft-santesson-tls-ume-04.txt says:
>
>    This document does not specify how the server stores the
>    user_principal_name, or how exactly it might be used to locate a
>    certificate.  For instance, it might be appropriate to do a case-
>    insensitive lookup.  It is RECOMMENDED that the server processes the
>    user_principal_name with a stringprep profile [N7] appropriate for
>    the identity in question, such as Nameprep [N8] for the portion
>    domain portion of UPN, SASLprep [N9] for the user portion of the UPN
>    and stringprep appendix B.3 [N7] as mapping table for case folding.
>
> Given that the first and second sentence make it clear that the use of
> StringPrep is not required, I suggest using MAY instead of RECOMMENDED
> in the third sentence.  RECOMMENDED is the same as SHOULD according to
> RFC 2119, and is a fairly strong recommendation.  Its use seems
> misplaced here.

Right. RECOMMENDED does not mean "we think this is a good idea". It means something more like "you have to do this or have a good reason not to".


> It may be better to avoid RFC 2119 language completely here, because
> the entire paragraph is merely an example of what you can do.

Agree.  RFC2119 language has no place in a "for instance".

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

  • Re: Last Call: 'TLS User Mapping Extension' to Proposed Standard, Jeffrey Hutzelman <=