On Dec 21, 2012, at 10:06 AM, Ted Lemon <[email protected]> wrote:
> On Dec 21, 2012, at 10:45 AM, Ben Campbell <[email protected]> wrote: >> As I responded separately to Ramakrishna, is the SHOULD use 4030 language a >> new requirement specific to this draft? Or is it just describing >> requirements in 3046 or elsewhere? > > I suppose the authors should really answer this, but I was curious as well, > and went looking. I think RFC4030 should have updated RFC3046 to add this > as a security consideration, but it did not. However, e.g. RFC4243, RFC5010 > and RFC5107 do add a similar requirement to their security considerations > section, so it's probably fair to say that this has been informally adopted > as appropriate practice for security considerations sections. > > Perhaps we should adopt the practice more formally... :) Pending the authors' comments, it sounds like it's good as is. (Assuming that "adopt[ing] the practice more formally" isn't _this_ draft's problem :-) ) >
