> On 10 Jul 2018, at 22:38, Joe Clarke <[email protected]> wrote:
>
>>
>> Let us (authors) take this recent feedback on board and reword things
>> along the lines:
>> - Use MUST where we want programmers to do the right thing, but be
>> careful not to distort the actual protocol as currently implemented.
>> Handling secrets, passwords seem like good targets for this.
>
> With the particular point of handling secrets and passwords, linking to
> specific suggestions of this would be a plus, too.
>
>> - Keep and improve verbiage documenting known risks.
>> - Give either MUST verbiage where there's only one thing to do (e.g.
>> secured transport is a MUST).
>> - Give SHOULD where there's multiple things (e.g. PAP vs. CHAP is
>> closely related to password management on the server side).
>>
>> Would this be the right way or not really?
>
> This sounds like the right approach to me.
Daytime job caught up with me, I'll start the writeup on the weekend.
Andrej.
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
