On Tue, Jun 25, 2013 at 8:31 AM, Martin Rex <mrex(_at_)sap(_dot_)com> wrote:
Phillip Hallam-Baker wrote:
RECOMMENDED is a strong suggestion that the implementation may override
at
the discretion of the implementer. SHOULD is normative.
So the first tells me that I can make up my own mind, the second says
that
I should give a reason if I don't comply.
This is only half of the story.
PKIX (rfc5280) defines the concept of a "minimum requirements RP",
i.e. an implementation which implements only MUSTs, and potentially not
a single SHOULD. Essentially, this waters down all SHOULDs to MAYs.
From a minimum implementation point of view MAY, RECOMMENDED and SHOULD all
have the same effect. They are not identical from other points of view.
MAY tells the implementer that there is behavior that they are required to
accept from other implementations they interact with. So it creates an
implicit MUST NOT.
SHOULD tells the implementer that there is behavior that cannot be
compliance checked that is important.
I would like to see more clarity in IETF specs and the minimum use of MUST,
SHOULD and MAY since they all create compliance requirements.
Distinguishing RECOMMENDED from SHOULD properly would help here.
I suggest that if specs want to use RECOMMENDED and SHOULD as not being
synonyms that they follow the reference to 2119 with a statement explaining
the difference.
--
Website: http://hallambaker.com/