Carsten,
Hi Stephen,
thank you for this review.
On Sep 6, 2019, at 19:55, Stephen Kent via Datatracker <noreply@xxxxxxxx> wrote:
The second paragraph of the Security Considerations section reminds the
reader that decoders (parsers) ought to be designed with the understanding that
inputs are untrusted ??? good advice. I???d be happier if the final sentence
changed ???must??? to ???MUST??? to reinforce this admonition.
Here I have a question: It seemed to me that we generally try to avoid putting BCP14 keywords into security considerations sections ??? after all, the interoperability requirements should be handled in the actual protocol definition, not in the security considerations after the fact.
I am not aware of the convention you mention re BCP 14 keywords in the
Security Considerations section. I'm pretty confident that I have seen
the use of such keywords in other SC section sin the past
This MUST would be an implementation requirement. Is this something we want to do in a security considerations section? RFC 3552 appears to be silent about this.
I don't think 3552 makes a statement on this topic either way.
Steve