On Dec 21, 2012, at 10:06 AM, Ted Lemon
<Ted(_dot_)Lemon(_at_)nominum(_dot_)com> wrote:
On Dec 21, 2012, at 10:45 AM, Ben Campbell <ben(_at_)nostrum(_dot_)com> wrote:
As I responded separately to Ramakrishna, is the SHOULD use 4030 language a
new requirement specific to this draft? Or is it just describing
requirements in 3046 or elsewhere?
I suppose the authors should really answer this, but I was curious as well,
and went looking. I think RFC4030 should have updated RFC3046 to add this
as a security consideration, but it did not. However, e.g. RFC4243, RFC5010
and RFC5107 do add a similar requirement to their security considerations
section, so it's probably fair to say that this has been informally adopted
as appropriate practice for security considerations sections.
Perhaps we should adopt the practice more formally... :)
Pending the authors' comments, it sounds like it's good as is. (Assuming that
"adopt[ing] the practice more formally" isn't _this_ draft's problem :-) )