Re: 2119bis

Note the language

"MUST implement, SHOULD use" is a common compromise.

                                          ^^^^^^^^^^^

This is my heartache.  Why is it a compromise?  Most use of SHOULD I run into 
in WG's is either this precise one:
        I don't want to make this a MUST use, because I will have deployments 
*THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were.
Example: instant messaging systems for enterprises where tapping is a legal 
requirement, not something to be avoided.
Example: instant messaging systems deployed where governments want to do 
warrantless, undetectable tapping

I would offer neither of these examples are Internet examples, and we should 
get some iron underpants on and say so.

Internet protocols need Internet protections.

SHOULD should neither be a crutch for making a proprietary protocol look like 
an Internet protocol nor for making two proprietary protocols look like a 
single, Internet protocol.

On Aug 30, 2011, at 1:50 PM, Keith Moore wrote:

On Aug 30, 2011, at 12:46 PM, Eric Burger wrote:

Can you give an example of where a dangling SHOULD makes sense?  Most often 
I see something like:
     SHOULD implement security
meaning
     SHOULD implement security, unless you do not feel like it or are in an 
authoritarian regime that bans security


That wording doesn't make any sense.  Security implementation should almost 
always be a MUST, regardless of what any particular government might say.  We 
shouldn't relax the security requirements of our protocols because of 
brain-damaged governments (and I include my own country's government in that 
list).    

In cases like this it's sometimes important to distinguish between 
implementation and use.  "MUST implement, SHOULD use" is a common compromise.

Note also that MUST doesn't mean "you have to do this".   It means "if you 
don't do this, you don't comply with the specification".

I don't think the example above is a typical use of SHOULD, though it might 
be too common.

Keith

smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: 2119bis, (continued) Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Eric Burger Re: 2119bis, HLS Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger <= RE: 2119bis, Murray S. Kucherawy Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger Re: 2119bis, Richard Barnes Re: 2119bis, Spencer Dawkins Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Bill McQuillan Re: 2119bis, Martin Sustrik Re: 2119bis, Keith Moore