Re: SHOULD vs MUST (was Re: Review of draft-ietf-geopriv-http-location-delivery-07)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At Sat, 21 Jun 2008 14:31:03 +0100,
Lawrence Conroy wrote:
> 
> Hi Eric, folks,
>   [renamed for this specific point, and CC list trimmed]
> 
> I am puzzled by this point in your review.
> I suspect that other potential authors will be too.
> To me, the last sentence is exactly right:
> the SHOULD means "do this unless...",
> and the last phrase covers the "unless".

I'm not arguing about what intensity level this requirement
should be at. I'm pointing out that it changed and asking
why.


> I had read 2119 to mean that a MUST was unconditional
> - do this or be non-complaint.

Here's the relevant text from 2119:

    2. MUST NOT   This phrase, or the phrase "SHALL NOT", mean that the
       definition is an absolute prohibition of the specification.
    
    3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
       may exist valid reasons in particular circumstances to ignore a
       particular item, but the full implications must be understood and
       carefully weighed before choosing a different course.

In other words, the difference between MUST and SHOULD is intensity
not conditionality.

So, if the spec read:
"You MUST do X unless Y", then an implementation which did not
do X was nonconformant unless Y obtained.

On the other hand, if the spec read:
"You SHOULD do X unless Y", then an implementation which did
not do X is still conformant even if Y does not obtain, though
the implementor is exhorted to do X unless they have some
other good reason and that Y is explicitly called out as such
a reason.


> Do you believe that MUST can have an "unless" clause?

Of course.


> Doesn't this mean that any SHOULD with an explicit "unless" will
> need to be changed into a MUST - could you expand on this, please?

No, why would it?

-Ekr



> On 20 Jun 2008, at 20:59, Eric Rescorla wrote:
> >>   The LIS MUST implement the server
> >>   authentication method described in [RFC2818]. When TLS is used,
> >>   the Device SHOULD fail a request if server authentication fails,
> >>   except in the event of an emergency.
> >>
> >> Does that address your concerns?
> > Why did this become a SHOULD when it was a MUST?



_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]