Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

On 2013-10-30 14:42, Richard Barnes wrote:
> ...
> Do you mean that your intent was ought==should and might==may?
> Why do you feel the need to avoid SHOULD and MAY here?  They don't place
> any more burden on implementors than "ought" and "might".
> --Richard
> ...

I believe in following the guidance in RFC 2119:

> 6. Guidance in the use of these Imperatives
>    Imperatives of the type defined in this memo must be used with care
>    and sparingly.  In particular, they MUST only be used where it is
>    actually required for interoperation or to limit behavior which has
>    potential for causing harm (e.g., limiting retransmisssions)  For
>    example, they must not be used to try to impose a particular method
>    on implementors where the method is not required for
>    interoperability.

I also note that there clearly is no community consensus about what the 
right degree of 2119 usage is. Until there is such thing, I recommend 
that we focus on 2119 keywords being used when they are needed, and not 
bike-shed over the other instances as long as the specification is 
consistent with respect to this.

Best regards, Julian

Received on Wednesday, 30 October 2013 13:58:25 UTC