RE: 2119bis

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It seems to me RFC2119bis might benefit from some consensus text on what proper use of each is, beyond defining their respective meanings.  From the discussion, this is obviously true for SHOULD at least.  The discussion around use of MAY in RFC2119 is fairly thorough, so maybe SHOULD needs to be similarly expanded.  And I suspect some distillation of this discussion might provide some ideal text.

 

-MSK

 

From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Eric Burger
Sent: Tuesday, August 30, 2011 11:03 AM
To: IETF discussion list
Subject: Re: 2119bis

 

Note the language

"MUST implement, SHOULD use" is a common compromise.

                                          ^^^^^^^^^^^

 

This is my heartache.  Why is it a compromise?  Most use of SHOULD I run into in WG's is either this precise one:

    I don't want to make this a MUST use, because I will have deployments *THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were.

Example: instant messaging systems for enterprises where tapping is a legal requirement, not something to be avoided.

Example: instant messaging systems deployed where governments want to do warrantless, undetectable tapping

 

I would offer neither of these examples are Internet examples, and we should get some iron underpants on and say so.

 

Internet protocols need Internet protections.

 

SHOULD should neither be a crutch for making a proprietary protocol look like an Internet protocol nor for making two proprietary protocols look like a single, Internet protocol.

 

On Aug 30, 2011, at 1:50 PM, Keith Moore wrote:



On Aug 30, 2011, at 12:46 PM, Eric Burger wrote:



Can you give an example of where a dangling SHOULD makes sense?  Most often I see something like:
    SHOULD implement security
meaning
    SHOULD implement security, unless you do not feel like it or are in an authoritarian regime that bans security

 

That wording doesn't make any sense.  Security implementation should almost always be a MUST, regardless of what any particular government might say.  We shouldn't relax the security requirements of our protocols because of brain-damaged governments (and I include my own country's government in that list).    

 

In cases like this it's sometimes important to distinguish between implementation and use.  "MUST implement, SHOULD use" is a common compromise.

 

Note also that MUST doesn't mean "you have to do this".   It means "if you don't do this, you don't comply with the specification".

 

I don't think the example above is a typical use of SHOULD, though it might be too common.

 

Keith

 

 

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]