Stephen Farrell wrote: > > 7. 6.2 says: "If servers wish to <<avoid attack>> they MUST > NOT <<do stuff>>" Isn't that equivalent to servers SHOULD > NOT? I think a SHOULD NOT is better. (And that's the form > used in section 7.) This might be confusion with ISO terminology. MUST == SHALL MUST NOT == SHALL NOT SHOULD == RECOMMENDED SHOULD NOT == NOT RECOMMENDED The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. And btw. the document that standardizes the secure renegotiation will have to say that it updates RFC-5246, because it needs to. -Martin _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf