On 12/1/09 7:49 PM, Martin Rex wrote: > Stephen Farrell wrote: >> 7. 6.2 says: "If servers wish to <<avoid attack>> they MUST >> NOT <<do stuff>>" Isn't that equivalent to servers SHOULD >> NOT? I think a SHOULD NOT is better. (And that's the form >> used in section 7.) > > > This might be confusion with ISO terminology. > > MUST == SHALL > MUST NOT == SHALL NOT > SHOULD == RECOMMENDED > SHOULD NOT == NOT RECOMMENDED > > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this > document are to be interpreted as described in RFC 2119 [RFC2119].
It's always puzzled me why the boilerplate quoted above does not include the phrase "NOT RECOMMENDED", given that RFC 2119 mentions it a mere five paragraphs later: 4. SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label. Is this a spec bug in RFC 2119? Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
