Hi John,

> On 8 Sep 2025, at 15:15, John R Levine <[email protected]> wrote:
>
> On Mon, 8 Sep 2025, Johan Stenstam wrote:
>>> I would change the SHOULDs in 4.2 and 4.2.1 to MUST unless we can describe
>>> situations where interop would be better if you don't.
>>
>> I think MUST is too strong and SHOULD is the right emphasis in this case.
>
> If MUST is too strong, when is it OK not to do that? We're telling people
> how to interoperate, what should they do?
>
> In 4.2 is it "unless the operator has external knowledge that the endpoint
> will scan soon"? In 4.2.1 I can't think of plausible situations where you
> would do something else.

It seems to me that we interpret the text differently. To me it is about
“MUST/SHOULD delay sending [until]” while it sounds like you read “MUST/SHOULD
send notification”. My problem is with the “[until]”. In the end we obviously
want the same thing: notifications being sent.

Here is my reasoning, but I’m not a native English speaker, so I do not claim
any ultimate authority over a language issue like this:

A MUST is absolute. Absolute directives should be reserved for when they are
(a) needed and (b) possible to ensure.

In this case the text specifies that

“...delay sending notifications to the recipient until a consistent public
view of the pertinent records is ensured”.

That’s great. But what if, for reasons we don’t know here, whoever is
responsible for sending notifications is simply unable to verify that the
public view is consistent? Should the sender then NOT send the notification? Or
should it delay a reasonable amount of time before sending? Or delay for a bit,
then check again? How many times? Forever?

As these are distributed systems with lots of parts and lots of stuff in
between the parts (that may and will break in all sorts of unpredictable ways,
according to Murphy’s Law) I think the right level of emphasis is to clearly
state how the system SHOULD act without getting entangled in the exact
semantics of all the various possible failure modes.

In the end, generalized notifications is an optimization of an underlying
mechanism. As such it is by definition “best effort”. Therefore, we accept that
it is possible that on occasion it will fail. To me, the combination of “MUST”
and “best effort” is, well, wrong :-)

Regards,
Johan
