RE: 2119bis

It seems to me RFC2119bis might benefit from some consensus text on what proper 
use of each is, beyond defining their respective meanings.  From the 
discussion, this is obviously true for SHOULD at least.  The discussion around 
use of MAY in RFC2119 is fairly thorough, so maybe SHOULD needs to be similarly 
expanded.  And I suspect some distillation of this discussion might provide 
some ideal text.

-MSK

From: ietf-bounces(_at_)ietf(_dot_)org 
[mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Eric Burger
Sent: Tuesday, August 30, 2011 11:03 AM
To: IETF discussion list
Subject: Re: 2119bis

Note the language
"MUST implement, SHOULD use" is a common compromise.
                                          ^^^^^^^^^^^

This is my heartache.  Why is it a compromise?  Most use of SHOULD I run into 
in WG's is either this precise one:
    I don't want to make this a MUST use, because I will have deployments *THAT 
ARE NOT FOR THE INTERNET* but I want to market them as if they were.
Example: instant messaging systems for enterprises where tapping is a legal 
requirement, not something to be avoided.
Example: instant messaging systems deployed where governments want to do 
warrantless, undetectable tapping

I would offer neither of these examples are Internet examples, and we should 
get some iron underpants on and say so.

Internet protocols need Internet protections.

SHOULD should neither be a crutch for making a proprietary protocol look like 
an Internet protocol nor for making two proprietary protocols look like a 
single, Internet protocol.

On Aug 30, 2011, at 1:50 PM, Keith Moore wrote:


On Aug 30, 2011, at 12:46 PM, Eric Burger wrote:


Can you give an example of where a dangling SHOULD makes sense?  Most often I 
see something like:
    SHOULD implement security
meaning
    SHOULD implement security, unless you do not feel like it or are in an 
authoritarian regime that bans security

That wording doesn't make any sense.  Security implementation should almost 
always be a MUST, regardless of what any particular government might say.  We 
shouldn't relax the security requirements of our protocols because of 
brain-damaged governments (and I include my own country's government in that 
list).

In cases like this it's sometimes important to distinguish between 
implementation and use.  "MUST implement, SHOULD use" is a common compromise.

Note also that MUST doesn't mean "you have to do this".   It means "if you 
don't do this, you don't comply with the specification".

I don't think the example above is a typical use of SHOULD, though it might be 
too common.

Keith

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: 2119bis, (continued) Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Eric Burger Re: 2119bis, HLS Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger RE: 2119bis, Murray S. Kucherawy <= Re: 2119bis, Keith Moore Re: 2119bis, Eric Burger Re: 2119bis, Richard Barnes Re: 2119bis, Spencer Dawkins Re: 2119bis, Keith Moore Re: 2119bis, Marc Petit-Huguenin Re: 2119bis, Bill McQuillan Re: 2119bis, Martin Sustrik Re: 2119bis, Keith Moore RE: 2119bis, Murray S. Kucherawy