Hi Sara, On Tue, Mar 22, 2022 at 2:40 AM Sara Dickinson <[email protected]> wrote:
> > In Section 5.5: > > > > Clients SHOULD consider potential privacy issues associated with > > session resumption before deciding to use this mechanism. [...] > > > > I find "SHOULD consider" to be far too vague for this to be meaningful. > If > > I've thought about it, have I met my burden here? > > There are several things to evaluate here - we’ve updated this text to: > “Clients SHOULD consider > potential privacy issues associated with session resumption before > deciding to use > this mechanism and specifically evaluate the trade-offs presented in the > various sections of this document. The privacy issues are detailed…" > > Does that address your concern or can you suggest text? > I'd be fine with either the original or proposed text if you make it a lowercase "should". I guess for me this comes down to: Why is this a "SHOULD" and not a "should"? What specific normative obligation are you imposing with this sentence that affects interoperability of the protocol? If after considering potential privacy issues, it's really the case that there are specific protocol things I need to do, then I would enumerate those explicitly and make them SHOULDs. But a general "You SHOULD think about this" doesn't feel to me like correct use of BCP 14 keywords. -MSK
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
