Joe, > On Dec 29, 2024, at 2:13 PM, Joseph Salowey <[email protected]> wrote: > > [Joe] Thanks for the explanation and background. I'm happy that the document > has the requirement that it does. I can see that checking this value would be > problematic for implementations, I was more thinking that the security > considerations would mention what could happen if the recommendation was not > followed. > From my point of view it's up to the authors whether the consideration should > be included or if it is better not to include it as it may cause more > confusion.
It's our desire at this point to be very careful about making overly strict recommendations about checking the contents of the expected to be zero values. A bit of wisdom from the Daves who authored the original version of BFD (RFC 5880, section 6) that has been helpful over the years: "It is important for implementors to enforce only the requirements specified in this section, as misguided pedantry has been proven by experience to affect interoperability adversely." If you have a recommendation of a sentence for the security considerations that you think adds to the appropriate thinking without clashing with the point above, we'll happily accept that for the final document. If you have no such recommendation, we're possibly done. Thanks for your comments. -- Jeff
