> -----Original Message----- > From: Rainer Gerhards [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 23, 2006 2:48 AM > To: Miao Fuyou; [EMAIL PROTECTED] > Subject: RE: [Syslog] Updated Syslog-tls Document > > > ------------------------------------- > > > 5.1 > > > > > > == > > > When confidentiality is a concern, a sender/relay MUST > > authenticate > > > the receiver to make sure it is talking to the right peer. > > > == > > > > > > I do not find the MUST is appropriate here: "when > > > confidentiality is a concern" is not a hard fact. What does > > > it mean? When MUST I implement authentication. Is my > > > Implementation not compliant to this doc if I have the wrong > > > understanding of "when confidentiality is a concern". Or MUST > > > I always implement it, because confidentiality is probably > > > very often a concern? > > > > > > I think this is a operator-issue not to be dealt with in the > > > protocol. I suggest dropping this sentence or at last spell > > > MUST in lower case. > > > > > > > Probably lower case. The point is confidentility is > > meaningless without > > authenticaion. > > Well... maybe it is just a wording issue. Are we actually REQUIREING a > sender to authenticate the receiver in all cases? If so, we > should state > that. My impression so far is that this is something that is optional > and at the discretion of the sender or the operator configuring it. If > so, we should state that clearly too. As an implementor, I am unsure > what to do if I use the above text as a guideline. >
Standards do not typically require an operator to use the technology in a specific manner; Standards do typically require implementers to implement in a way so that operators CAN configure the technology in the preferred (interoperable) manner. MUST is used when the on-the-wire format/information/etc. must be interoperable for the protocol to work properly. I do not like seeing "must" in a document; either it deserves to be a MUST, i.e. it impacts on-the-wire interoperability, or it is an implementation/usage decision and we should not mandate it. If you use a lower case "must", then you'll need to convince me as co-chair that the usage is justifed before I send it to the IESG. Dbh _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog