So, BCP 61's claim that MUST is for implementers and SHOULD is for
users is always something I've interpreted as non-normative and
additional explanation of RFC 2199. Well, I' guess it is normative in
that we do not for security reasons require that security be used.
I certainly think reviewing the musts and shoulds in this case is
fine, but if the authors believe they used the right word, then leave
the text. If there is a problem we can clean it up during iesg
evaluation.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf