At 9:17 PM -0500 1/21/10, <black_da...@emc.com> wrote:
>Paul,
>
>> What does "Implementations SHOULD be capable of generating and accepting all of these types" mean?
>
>It's hair-splitting time ...
>
>> To assure maximum interoperability, implementations MUST be configurable to send at least one of
>> ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, or ID_KEY_ID, and MUST be configurable to accept all of these
>> types.
>
>Short version: MUST be able to send at least *1*, accept all *4*.
>
>> Implementations SHOULD be capable of generating and accepting all of these types.
>
>Short version: In addition, SHOULD be able to send all *4*.
>
>The SHOULD for "accepting" is redundant with the previous MUST, but the SHOULD for "generating" is broader.
>
>[... snip ...]
>
>> If it means all the listed types, the sentence should be changed to "Implementations SHOULD
>> also be capable of generating ID_IPV6_ADDR, ID_DER_ASN1_DN, and ID_DER_ASN1_GN."
>
>Which I think amounts to a SHOULD for certificate support. Is there a good reason to go there?

This interpretation is quite surprising to me (but I am surprised often these days...). What do others think?

--Paul Hoffman, Director
--VPN Consortium