On Tue, 6 Nov 2012 20:47:43 -0500 (EST) Benjamin Kaduk <[email protected]> wrote:
> > says:
> >
> >   If the token is an encrypted blob, it should be encrypted using
> >   the key usage RXGK_SERVER_ENC_TOKEN.
> >
> > should that be a SHOULD ?
>
> I don't think so. If we needed 2119-language, I think it would be a
> MUST. But I'm not sure that we need 2119 language. We don't use it
> when talking about the other key usages, if I remember correctly.

I wouldn't think so, since the key usage would be up to the application
to define; the whole token is opaque outside of application-specific
usage, so I don't think you'd need to _require_ the use of a specific
usage key. That is, you're not violating rxgk by using something else,
since the only time something would 'break' based on token content
construction would be application-specific stuff. So, you'd be violating
the e.g. rxgk-afs spec if you used the wrong key usage, not the rxgk
spec.

I thought this was more of a guidance to application-specific
specifications to just say "hey, we have a key usage value allocated
specifically for this purpose, so use this one if you can". But if so,
that also doesn't sound like a 2119-language-appropriate place, since
we're not telling implementors what to do. So yes, not using
2119-language makes sense.

-- 
Andrew Deason
[email protected]
