
RE: NOT RECOMMENDED (was: Re: [TLS] Last Call:draft-ietf-tls-renegotiation)

2009-12-01 23:05:11
 

-----Original Message-----
From: ietf-bounces(_at_)ietf(_dot_)org [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Peter Saint-Andre
Sent: Tuesday, December 01, 2009 7:06 PM
To: mrex(_at_)sap(_dot_)com
Cc: ietf(_at_)ietf(_dot_)org
Subject: NOT RECOMMENDED (was: Re: [TLS] Last Call:draft-ietf-tls-renegotiation)

On 12/1/09 7:49 PM, Martin Rex wrote:
Stephen Farrell wrote:
7. 6.2 says: "If servers wish to <<avoid attack>> they MUST
NOT <<do stuff>>" Isn't that equivalent to servers SHOULD
NOT? I think a SHOULD NOT is better. (And that's the form
used in section 7.)


This might be confusion with ISO terminology.

   MUST       ==  SHALL
   MUST NOT   ==  SHALL NOT
   SHOULD     ==  RECOMMENDED
   SHOULD NOT ==  NOT RECOMMENDED


   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

It's always puzzled me why the boilerplate quoted above does not include
the phrase "NOT RECOMMENDED", given that RFC 2119 mentions it a mere
five paragraphs later:

   4. SHOULD NOT  This phrase, or the phrase "NOT RECOMMENDED" mean that
   there may exist valid reasons in particular circumstances when the
   particular behavior is acceptable or even useful, but the full
   implications should be understood and the case carefully weighed
   before implementing any behavior described with this label.

Is this a spec bug in RFC 2119?

Probably.

According to
http://www.rfc-editor.org/errata_search.php?rfc=2119
it was reported as Errata ID 499 by Anders Langmyr on 2006-01-09.

-d


Peter

-- 
Peter Saint-Andre
https://stpeter.im/



