Re: I'm struggling with 2219 language again

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+1.

I think it is important that we have communications tools for documenting strong minimum protocol requirements and we only have RFC2119 to make that possible.

Yet, we need to be careful where the lack of RFC2119 upper case wordings can be used to leverage an argument for relaxation of existing protocols where perhaps only lower case semantics were done.

IMO, where there are multiple protocol state choices or paths and where common sense engineering and security functionality is clear, upper vs lower should not matter.

I will like to use an example protocol logic I am currently concern with that could be altered due to 2119 related debates:

  For protocol state condition A, you may do action B or C.
  If action B is taken, you MUST do D.

So action B has 2119 language to do D. Part of the 2219 debate is that doing action B or C are both optional.

C is not defined, although it could be said it was implied via other indirect protocol features:

  You SHOULD do E.

and in a protocol change proposal, it is now:

  You SHOULD do E1 instead of E.

Well, to do E or E1, you have to do C, not B.

Now the history of this is that original drafts/specs (ones some folks want us to ignore) did have 2119 language on whether you MAY do B or C, and in fact in an extended augmented RFC protocol, it only allowed for a MUST action B for protocol condition A. C was not an option (or at least it wasn't stated) in the extended RFC technology.

The problem was the lack of an upper case MAY has provided the notion that none of this is normative thus making the action C more possible and action B less attractive.

By making C more possible, this makes E more plausible and now that E1 is a new recommendation and preferred feature than E, the idea of doing action B is now watered down.

The issue is sensitive and honestly, it got to a point where one says "Who cares!?" If they want to watered down B, so be it. You don't need to support it protocol changes nor the newer push to the E1 recommendation.

The problem for me?

Is why is the security aspects of this do not make it obvious of what needs to be done? We got into anal debate of 2119 language and I even recall a few years ago where another debate of the definition of SHOULD got a number of people labeled as 2219 illiterates by an AD.

In the example I cited, politics comes into play because you have two industry mindsets under protocol condition A:

  1) Those that believe in action B as the more secured action, and
  2) Those that DO NOT believe in action B and prefer C.

There is where a person like myself is left with the idea of waiting for WGLC to appeal changes to the protocol that will watered down action B.

This is all due because of the lack of 2119 language that many believe were naturally in place with just using lower case wordings.

No upper case, therefore action B is weak and that was unfair to current implementations that only do action B as its the most secured implementation (and less costly) action to protect users. By allowing RFC2119 or stated arguments the protocol lacked 2119 language, weakens the protocol and makes it more complex for implementations to consider action C which can be more harmful if certain forms of C making it functionality equivalent (security wise) to action B is not done (this is the added complexity).

I'm sure this is a dime a dozen story, but to me it is common to see WG chairs, AD and other key cogs throw the proverbial 2119 book at developers to help push specs. IMO, we need it but we also need some common sense engineering and consideration to be done when we review current docs. Ignoring existing implementations SHOULD not be one of them.

--
HLS


Lou Berger wrote:

On 1/4/2013 12:15 AM, Dean Willis wrote:
...
Are we deliberately evolving our language to use RFC 2119 terms as
the principle verbs  of a formal specification language?
...

My view on this has evolved over time.  I used to follow the practice of
using 2219 language only for emphasis.  Over time, primarily motivated
by reviewers comments and reader questions, I've migrated to the
position that 2119 language should be used whenever and wherever a point
of conformance is being made.  While this may be a bit of an extreme
position, it ensures that authors, reviewers, readers, implementors,
etc. are in sync as to what is expected from an interoperable
implementation that conforms to a standard.  I think the importance of
such unambiguity has increased over time as the number of implementors
and non-native English speakers in our community have increased.

I also think it's important to follow section 6 of 2119, i.e., if it's
not a point of interoperability or harmful behavior, there's no need to
use 2119 conformance language.

So, my view is now:

a) lower case usage of 2119 key words *in RFCs* means the normal English
meaning of such words, but does not place any requirement on
implementations, i.e., is purely informative text.

b) upper case usage of 2119 key words *in RFCs*, as stated in [RFC2119],
places "requirements in the specification", i.e., is conformance
language with which an implementation must follow to ensure
interoperability (or harm).  (And does not = shouting as would be the
case in other contexts).

I take this view when writing and reviewing PS drafts...

Lou








[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]