Josh, Alper, I'd like to come back to one point. Alper asked why we wanted to have SHOULD describe re-authentication and retransmission behavior rather than MUST describe that behavior.
When we use the SHOULD 2119 keyword it's because we believe there are unusual circumstances where violating the SHOULD is the right thing to do. SHOULD is a fairly strong requirement, but it does not apply 100% of the time. The primary reason I think that should be a SHOULD not a MUST is that I think documenting the lower layer (which is to say the application) is only a SHOLUD. If a company creates a proprietary application, I don't think it's our business to mandate that they document certain things. I cannot think of a case where it would be appropriate for a document in the IETF describing the use of EAP for application authentication should leave out discussion of retransmission and discard behavior. (We'll need to go fix draft-ietf-abfab-gss-eap as it does not discuss discard behavior) Re-authentication is more complex. I prefer the current text but don't think it would be a problem to change the SHOULD document for retransmission and discard to a MUST. I'd object to the change for re-authentication. --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
