Paul,

> What does "Implementations SHOULD be capable of generating and accepting all of these types" mean?

It's hair-splitting time ...

> To assure maximum interoperability, implementations MUST be configurable to send at least one of
> ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, or ID_KEY_ID, and MUST be configurable to accept all of these
> types.

Short version: MUST be able to send at least *1*, accept all *4*.

> Implementations SHOULD be capable of generating and accepting all of these types.

Short version: In addition, SHOULD be able to send all *4*. The SHOULD for "accepting" is redundant with the previous MUST, but the SHOULD for "generating" is broader.

[... snip ...]

> If it means all the listed types, the sentence should be changed to "Implementations SHOULD
> also be capable of generating ID_IPV6_ADDR, ID_DER_ASN1_DN, and ID_DER_ASN1_GN."

Which I think amounts to a SHOULD for certificate support. Is there a good reason to go there?

Thanks,
--David

> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of Paul Hoffman
> Sent: Thursday, January 21, 2010 8:49 PM
> To: IPsecme WG
> Subject: [IPsec] Issue #156: SHOULD generate and accept which types?
>
> Section 3.5 lists a bunch of ID types (ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR,
> ID_DER_ASN1_DN, ID_DER_ASN1_GN, and ID_KEY_ID), and then says:
>
> Two implementations will interoperate only if each can generate a type of ID acceptable to the other.
> To assure maximum interoperability, implementations MUST be configurable to send at least one of
> ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, or ID_KEY_ID, and MUST be configurable to accept all of these
> types. Implementations SHOULD be capable of generating and accepting all of these types. IPv6-capable
> implementations MUST additionally be configurable to accept ID_IPV6_ADDR. IPv6-only implementations
> MAY be configurable to send only ID_IPV6_ADDR.
>
> What does "Implementations SHOULD be capable of generating and accepting all of these types" mean? It
> can't mean the four just listed, because that list of four comes with MUSTs. If it means all the
> listed types, the sentence should be changed to "Implementations SHOULD also be capable of generating
> ID_IPV6_ADDR, ID_DER_ASN1_DN, and ID_DER_ASN1_GN."
>
> --Paul Hoffman, Director
> --VPN Consortium
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
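
The MUST rules and the interoperability rule from the quoted Section 3.5 text, together with both readings of "these types" discussed in this thread, written as a configuration check. This is an added example, not part of the original messages; `Profile`, the function names and the sample peers are hypothetical.

```python
from dataclasses import dataclass

# ID type names are from the quoted Section 3.5 text; everything else is hypothetical.
BASE4 = frozenset({"ID_IPV4_ADDR", "ID_FQDN", "ID_RFC822_ADDR", "ID_KEY_ID"})
EXTRA3 = frozenset({"ID_IPV6_ADDR", "ID_DER_ASN1_DN", "ID_DER_ASN1_GN"})

@dataclass(frozen=True)
class Profile:
    send: frozenset          # ID types the peer can be configured to send
    accept: frozenset        # ID types the peer can be configured to accept
    ipv6: bool = False       # IPv6-capable
    ipv6_only: bool = False  # IPv6-only (MAY send only ID_IPV6_ADDR)

def must_violations(p):
    """Check the MUST-level rules of the quoted paragraph."""
    out = []
    sendable = BASE4 | ({"ID_IPV6_ADDR"} if p.ipv6_only else set())
    if not p.send & sendable:
        out.append("cannot send any required ID type")
    for t in sorted(BASE4 - p.accept):
        out.append(f"cannot accept {t}")
    if (p.ipv6 or p.ipv6_only) and "ID_IPV6_ADDR" not in p.accept:
        out.append("IPv6-capable but cannot accept ID_IPV6_ADDR")
    return out

def should_gaps(p, reading):
    """SHOULD-level gaps. reading="four": "these types" means the four just
    listed; reading="seven": it means every type listed in Section 3.5."""
    wanted = BASE4 if reading == "four" else BASE4 | EXTRA3
    return ([f"send {t}" for t in sorted(wanted - p.send)]
            + [f"accept {t}" for t in sorted(wanted - p.accept)])

def interoperable(a, b):
    """Each side must be able to generate an ID type the other accepts."""
    return bool(a.send & b.accept) and bool(b.send & a.accept)

if __name__ == "__main__":
    # Constructed sample peers, not taken from any real product.
    psk_gw = Profile(frozenset({"ID_FQDN"}), BASE4)
    cert_peer = Profile(frozenset({"ID_DER_ASN1_DN"}), BASE4 | EXTRA3)
    for reading in ("four", "seven"):
        print(reading, should_gaps(psk_gw, reading))
    print("MUST violations:", must_violations(psk_gw), must_violations(cert_peer))
    print("interoperable:", interoperable(psk_gw, cert_peer))
```

The constructed `psk_gw` peer meets every MUST yet cannot interoperate with a peer that only sends ID_DER_ASN1_DN, which is the gap the "seven" reading would turn into a SHOULD.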