On Thursday, March 30, 2006 06:00:36 PM +0200 Simon Josefsson <jas@xxxxxxxxxxx> wrote:
http://www.ietf.org/internet-drafts/draft-santesson-tls-ume-04.txt says: This document does not specify how the server stores the user_principal_name, or how exactly it might be used to locate a certificate. For instance, it might be appropriate to do a case- insensitive lookup. It is RECOMMENDED that the server processes the user_principal_name with a stringprep profile [N7] appropriate for the identity in question, such as Nameprep [N8] for the portion domain portion of UPN, SASLprep [N9] for the user portion of the UPN and stringprep appendix B.3 [N7] as mapping table for case folding. Given that the first and second sentence make it clear that the use of StringPrep is not required, I suggest using MAY instead of RECOMMENDED in the third sentence. RECOMMENDED is the same as SHOULD according to RFC 2119, and is a fairly strong recommendation. Its use seem misplaced here.
Right. RECOMMENDED does not mean "we think this is a good idea". It means something more like "you have to do this or have a good reason not to".
It may be better to avoid RFC 2119 language completely here, because the entire paragraph is merely an example of what you can do.
Agree. RFC2119 language has no place in a "for instance". _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf