On Tue, Jun 25, 2013 at 8:31 AM, Martin Rex <mrex@xxxxxxx> wrote:
--
Website: http://hallambaker.com/
Phillip Hallam-Baker wrote:This is only half of the story.
>
> RECOMMENDED is a strong suggestion that the implementation may override at
> the discretion of the implementer. SHOULD is normative.
>
> So the first tells me that I can make up my own mind, the second says that
> I should give a reason if I don't comply.
PKIX (rfc5280) defines the concept of a "minimum requirements RP",
i.e. an implementation which implements only MUSTs, and potentially not
a single SHOULD. Essentially, this waters down all SHOULDs to MAYs.
From a minimum implementation point of view MAY, RECOMMENDED and SHOULD all have the same effect. They are not identical from other points of view.
MAY tells the implementer that there is behavior that they are required to accept from other implementations they interact with. So it creates an implicit MUST NOT.
SHOULD tells the implementer that there is behavior that cannot be compliance checked that is important.
I would like to see more clarity in IETF specs and the minimum use of MUST, SHOULD and MAY since they all create compliance requirements. Distinguishing RECOMMENDED from SHOULD properly would help here.
I suggest that if specs want to use RECOMMENDED and SHOULD as not being synonyms that they follow the reference to 2119 with a statement explaining the difference.
Website: http://hallambaker.com/