On Wed, Nov 20, 2019 at 10:54 PM Benjamin Kaduk <[email protected]> wrote:
> On Wed, Nov 20, 2019 at 10:35:09PM -0800, Rob Sayre wrote: > > On Wed, Nov 20, 2019 at 10:25 PM David Schinazi < > [email protected]> > > wrote: > > > > > The SHOULD from (2) is indeed not required for interoperability, but > > > important > > > to ensure servers put this protection in place. > > > > > > > In that case, this issue belongs in the Security Considerations section. > I > > understand that the concern is valid, but a "SHOULD" in this part of the > > document is not the right way to communicate it. > > Is it more of a security consideration or an operational one? > Since it was referred to as a "protection", I thought it was a DoS concern. If it's only implementation advice, that's also valid, but it doesn't call for 2119 SHOULD language. The document should explain the operational concern without using "SHOULD". thanks, Rob
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
