MUST use normative language (Re: draft-ietf-httpbis-http2 feedback) from Eliot Lear on 2013-07-31 (ietf-http-wg@w3.org from July to September 2013)

From: Eliot Lear <lear@cisco.com>
Date: Wed, 31 Jul 2013 19:37:48 +0200
To: Amos Jeffries <squid3@treenet.co.nz>
CC: ietf-http-wg@w3.org
Message-ID: <51F94B6C.3050505@cisco.com>

Dear colleagues,

On 7/31/13 4:46 PM, Amos Jeffries wrote:
> On 31/07/2013 9:34 p.m., Julian Reschke wrote:
>> Questions:
>>
> <snip>
>>
>> 5.2.2
>>
>> "Deployments with constrained resources (for example, memory) MAY
>> employ flow control to limit the amount of memory a peer can consume.
>> Note, however, that this can lead to suboptimal use of available
>> network resources if flow control is enabled without knowledge of the
>> bandwidth-delay product (see [RFC1323])."
>>
>> s/MAY/can/
>>
>
> I took this as being intentionally normative language. One participant
> MAY use the feature therefore all participante MUST implement support
> just in case it happens. With "can" there is no normative requirement
> on the other participants to implement anything regarding flow
> control, which would lead to harm for the participant needing it.

I have two problems with the above and one overarching concern that
really needs to be addressed.  First, the above text is taken out of
context.  Flow control windows MUST always be obeyed by the sender.  It
says so right in the previous paragraph.

Second,  if you don't agree with the above, changing "MAY" to "can"
doesn't get around the fact that you're giving advice to implementers on
the use of flow control, and yet that advice would be wrong because it
could be ignored by senders.  This is, in other words, a distinction
without a difference.

And this brings me to my general concern.  Stop running away from
normative language.  This WG is writing a specification that is intended
to be very widely deployed.  It is intended to supplant the most widely
deployed application protocol ever, and therefore interoperability and
deterministic behavior is important.  So is the use of standard
well-known normative terms.  They are carefully defined with specific
meanings that are well known that most programmers understand.  They are
*so* well known that many standards organizations have adopted them.

Lastly, these words are contained in a voluntary standard.  If you don't
follow them, the IETF believes that you may have an interoperability,
performance, or security problem, and in some cases you might cause
problems for others.

Eliot

Received on Wednesday, 31 July 2013 17:38:18 UTC