On Fri, Oct 05, 2018 at 09:59:43AM -0400, Andrew Sullivan wrote:
> and I'm all in favour of that. What you are arguing, however, is in
> line with the way the IETF ended up doing the BEHAVE WG: we wouldn't
this case is probably more related to the discussion around RFC 2804.
> I think it would be quite good for the document to note that it has
> the implications you are pointing to, which might be a reason for
> people not to embrace it. The downsides should be noted. But to me,
There is of course the danger of misinterpretation, even though
the draft at hand is not necessarily the best example: policy
might be encouraged by the presence of a technical standard.
Just don't run a laundry.
A locality MAY require the client to have data verified in accordance
with local regulations or laws utilizing data sources not available
to the server.
The data verified by the VSP
MUST be stored by the VSP along with the generated verification code
to address any compliance issues. The signer certificate and the
digital signature of the verification code MUST be verified by the
server.
The MAY in the first quote might be accidental, but the first MUST in
the second definitely is policy rather than protocol.
-Peter
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
