Note the language > "MUST implement, SHOULD use" is a common compromise. ^^^^^^^^^^^
This is my heartache. Why is it a compromise? Most use of SHOULD I run into in WG's is either this precise one: I don't want to make this a MUST use, because I will have deployments *THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were. Example: instant messaging systems for enterprises where tapping is a legal requirement, not something to be avoided. Example: instant messaging systems deployed where governments want to do warrantless, undetectable tapping I would offer neither of these examples are Internet examples, and we should get some iron underpants on and say so. Internet protocols need Internet protections. SHOULD should neither be a crutch for making a proprietary protocol look like an Internet protocol nor for making two proprietary protocols look like a single, Internet protocol. On Aug 30, 2011, at 1:50 PM, Keith Moore wrote: > On Aug 30, 2011, at 12:46 PM, Eric Burger wrote: > >> Can you give an example of where a dangling SHOULD makes sense? Most often >> I see something like: >> SHOULD implement security >> meaning >> SHOULD implement security, unless you do not feel like it or are in an >> authoritarian regime that bans security > > That wording doesn't make any sense. Security implementation should almost > always be a MUST, regardless of what any particular government might say. We > shouldn't relax the security requirements of our protocols because of > brain-damaged governments (and I include my own country's government in that > list). > > In cases like this it's sometimes important to distinguish between > implementation and use. "MUST implement, SHOULD use" is a common compromise. > > Note also that MUST doesn't mean "you have to do this". It means "if you > don't do this, you don't comply with the specification". > > I don't think the example above is a typical use of SHOULD, though it might > be too common. > > Keith >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf