Phillip Hallam-Baker wrote: > > RECOMMENDED is a strong suggestion that the implementation may override at > the discretion of the implementer. SHOULD is normative. > > So the first tells me that I can make up my own mind, the second says that > I should give a reason if I don't comply. This is only half of the story. PKIX (rfc5280) defines the concept of a "minimum requirements RP", i.e. an implementation which implements only MUSTs, and potentially not a single SHOULD. Essentially, this waters down all SHOULDs to MAYs. -Martin