- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Sat, 05 Oct 2013 20:24:10 +0200
- To: Glenn Adams <glenn@skynav.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
* Glenn Adams wrote: >On Sat, Oct 5, 2013 at 3:33 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: >> The text in question is a normative requirement. Doing otherwise has >> a potential for causing harm and so it has to be a requirement, too. > >It is a normative recommendation (SHOULD NOT), not a normative requirement >(SHALL NOT). That is a common misconception among novices. The draft does not use the phrase informally with its ordinary english meaning, but rather uses the terms as defined in RFC 2119, which formally defines various keywords to indicate requirement levels. A RFC2119 "SHOULD" signifies a SHOULD-level requirement, and failing to meet a SHOULD-level requirement means an im- plementation is not unconditionally conforming even if it meets all the absolute requirements of a protocol; failing to heed a "recommendation" in an informal sense has no implications on conformance. Accordingly, I call them requirements, as is customary in organisations using RFC 2119: https://www.google.com/search?q=%22should-level+requirement%22+site%3Aietf.org https://www.google.com/search?q=%22should-level+requirement%22+site%3Aw3.org I hope this clears up your confusion. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Saturday, 5 October 2013 18:24:34 UTC