[email protected]
[Top] [All Lists]

NOT RECOMMENDED (was: Re: [TLS] Last Call: draft-ietf-tls-renegotiation)

Subject: NOT RECOMMENDED was: Re: [TLS] Last Call: draft-ietf-tls-renegotiation
From: Peter Saint-Andre
Date: Tue, 01 Dec 2009 20:05:44 -0700
On 12/1/09 7:49 PM, Martin Rex wrote:
> Stephen Farrell wrote:
>> 7. 6.2 says: "If servers wish to <<avoid attack>> they MUST
>> NOT <<do stuff>>" Isn't that equivalent to servers SHOULD
>> NOT? I think a SHOULD NOT is better. (And that's the form
>> used in section 7.)
> 
> 
> This might be confusion with ISO terminology.
> 
>    MUST       ==  SHALL
>    MUST NOT   ==  SHALL NOT
>    SHOULD     ==  RECOMMENDED
>    SHOULD NOT ==  NOT RECOMMENDED
> 
> 
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
>    document are to be interpreted as described in RFC 2119 [RFC2119].

It's always puzzled me why the boilerplate quoted above does not include
the phrase "NOT RECOMMENDED", given that RFC 2119 mentions it a mere
five paragraphs later:

   4. SHOULD NOT  This phrase, or the phrase "NOT RECOMMENDED" mean that
   there may exist valid reasons in particular circumstances when the
   particular behavior is acceptable or even useful, but the full
   implications should be understood and the case carefully weighed
   before implementing any behavior described with this label.

Is this a spec bug in RFC 2119?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
<Prev in Thread] Current Thread [Next in Thread>