Re: [Last-Call] [secdir] Secdir last call review of draft-ietf-opsawg-9092-update-09


 



On Jan 26, 2024, at 3:53 PM, Tim Hollebeek <tim.hollebeek=40digicert.com@xxxxxxxxxxxxxx> wrote:
> 
> Yes, that's the correct paragraph I was referring to.
> 
> Unfortunately, RFC 2119 does actually imply that these words can't
> be used in non-2119 ways:
> 
> "In many standards track documents several words are used to signify
>   the requirements in the specification.  These words are often
>   capitalized.  This document defines these words as they should be
>   interpreted in IETF documents."
> 
> I would also prefer it if the uncapitalized versions retained their original
> English meanings, but these sentences from 2119 are why I recommend
> avoiding such usages.

That was updated by RFC 8174 to say “when capitalized”. 

Ben.

> 
> It is often quite awkward, for example when you're stating mathematical
> truths instead of requirements (a sentence like "If a number does not have 
> any factors less than its square root other than one, then the number must 
> be prime" should never be followed with "how do you audit that?"  But it 
> has happened).
> 
> -Tim
> 
>> -----Original Message-----
>> From: secdir <secdir-bounces@xxxxxxxx> On Behalf Of Randy Bush
>> Sent: Friday, January 26, 2024 4:42 PM
>> To: Tim Hollebeek via Datatracker <noreply@xxxxxxxx>
>> Cc: secdir@xxxxxxxx; draft-ietf-opsawg-9092-update.all@xxxxxxxx;
>> last-call@xxxxxxxx; opsawg@xxxxxxxx
>> Subject: Re: [secdir] Secdir last call review of
>> draft-ietf-opsawg-9092-update-09
>> 
>> tim:
>> 
>>> (1) The following paragraph appears twice in the document (looks like
>>> just a copy/paste error when moving stuff around):
>>> 
>>>  "Identifying the private key associated with the certificate and
>>>   getting the department that controls the private key (which might be
>>>   stored in a Hardware Security Module (HSM)) to generate the CMS
>>>   signature is left as an exercise for the implementor.  On the other
>>>   hand, verifying the signature has no similar complexity; the
>>>   certificate, which is validated in the public RPKI, contains the
>>>   needed public key."
>> 
>> someone caught this the other day, and it has already been fixed in my
>> emacs buffer.  good catch anyway; full credit.
>> 
>>> (2) Section 6, paragraph 5: is this intended to be a RFC 2119 "MAY"?
>>> If so, capitalize.  If not, avoid the word.
>> 
>> took me a moment.  i think it is para 6, this one, yes?
>> 
>>   It is good key hygiene to use a given key for only one purpose.  To
>>   dedicate a signing private key for signing a geofeed file, an RPKI
>>   Certification Authority (CA) may issue a subordinate certificate
>>   exclusively for the purpose shown in Appendix A.
>> 
>> that 'may' should probably be 2119ed.  russ, opinion?
>> 
>> aside: i hope that 2119 gives meaning to the CAPITALIZED forms, and does
>> not remove the uncapitalized forms from the american/english language.
>> 
>> again, thanks for the review.  they're hard to get.
>> 
>> randy
>> 
>> _______________________________________________
>> secdir mailing list
>> secdir@xxxxxxxx
>> https://www.ietf.org/mailman/listinfo/secdir
>> wiki: https://wiki.ietf.org/group/secdir/SecDirReview
> -- 
> last-call mailing list
> last-call@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/last-call




