On Dec 21, 2012, at 10:06 AM, Ted Lemon <Ted.Lemon@xxxxxxxxxxx> wrote: > On Dec 21, 2012, at 10:45 AM, Ben Campbell <ben@xxxxxxxxxxx> wrote: >> As I responded separately to Ramakrishna, is the SHOULD use 4030 language a new requirement specific to this draft? Or is it just describing requirements in 3046 or elsewhere? > > I suppose the authors should really answer this, but I was curious as well, and went looking. I think RFC4030 should have updated RFC3046 to add this as a security consideration, but it did not. However, e.g. RFC4243, RFC5010 and RFC5107 do add a similar requirement to their security considerations section, so it's probably fair to say that this has been informally adopted as appropriate practice for security considerations sections. > > Perhaps we should adopt the practice more formally... :) Pending the authors' comments, it sounds like it's good as is. (Assuming that "adopt[ing] the practice more formally" isn't _this_ draft's problem :-) ) >