Hi Daniel, On 02/16/2021 04:53 PM, Daniel Migault wrote:
> Section 5: > OLD > "Profiles MUST specify a communication security protocol that provides > the features required above." > NEW > "Profiles MUST specify at least one communication security protocol that > provides the features required above." > > <mglt> > I have the impression that with MUST specify one expects a mandatory protocol > to be provided. Would the following text be acceptable ? > > NEW2: > "Profiles RECOMMENDs at least one communication security protocol that > provides the features required above." > </mglt> I don't understand it like that but I see your point. But I think "RECOMMENDS" leaves too much wiggle room :). The profiles could then omit the protocols completely, which I think is a bad idea. Implementers should have at least one example how the communication between C and AS is protected. Since we don't provide it in the framework we must have it in the profiles. How about: NEW3: "Profiles MUST specify at least one communication security protocol that provides the features required above as an example how the respective communication can be secured." Viele Grüße Steffi _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
