- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 14 Nov 2014 00:18:48 -0800
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 13 November 2014 23:39, Mike Bishop <Michael.Bishop@microsoft.com> wrote: > I would think the client MAY send INADEQUATE_SECURITY if any of the requirements in either section aren't honored. For example, say the server selects TLS 1.1. In this case, the distinction between MAY and SHOULD is basically irrelevant. Anything short of MUST NOT provides an incentive for servers to comply with the restriction that the error is enforcing, while anything short of MUST in the other direction allows for this to play out in the marketplace. That's something that we've resorted to regarding http and https usage in HTTP/2. Dave is sort of correct over the usage based on a strict interpretation of 2119, but the colloquial usage of MAY - and that of many IETF documents - establishes a much less-strict meaning for the word. I don't use should because that invokes the other 2119 guidance, which is equally incompatible.
Received on Friday, 14 November 2014 08:19:15 UTC