> -----Original Message----- > From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On > Behalf Of Peter Saint-Andre > Sent: Tuesday, December 01, 2009 7:06 PM > To: mrex@xxxxxxx > Cc: ietf@xxxxxxxx > Subject: NOT RECOMMENDED (was: Re: [TLS] Last > Call:draft-ietf-tls-renegotiation) > > On 12/1/09 7:49 PM, Martin Rex wrote: > > Stephen Farrell wrote: > >> 7. 6.2 says: "If servers wish to <<avoid attack>> they MUST > >> NOT <<do stuff>>" Isn't that equivalent to servers SHOULD > >> NOT? I think a SHOULD NOT is better. (And that's the form > >> used in section 7.) > > > > > > This might be confusion with ISO terminology. > > > > MUST == SHALL > > MUST NOT == SHALL NOT > > SHOULD == RECOMMENDED > > SHOULD NOT == NOT RECOMMENDED > > > > > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", > "SHALL NOT", > > "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and > "OPTIONAL" in this > > document are to be interpreted as described in RFC 2119 > [RFC2119]. > > It's always puzzled me why the boilerplate quoted above does > not include > the phrase "NOT RECOMMENDED", given that RFC 2119 mentions it a mere > five paragraphs later: > > 4. SHOULD NOT This phrase, or the phrase "NOT > RECOMMENDED" mean that > there may exist valid reasons in particular circumstances when the > particular behavior is acceptable or even useful, but the full > implications should be understood and the case carefully weighed > before implementing any behavior described with this label. > > Is this a spec bug in RFC 2119? Probably. According to http://www.rfc-editor.org/errata_search.php?rfc=2119 it was reported as Errata ID 499 by Anders Langmyr on 2006-01-09. -d > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ > > > _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf