Re: 2119bis

Tue, 30 Aug 2011 11:03:18 -0700 

Note the language
> "MUST implement, SHOULD use" is a common compromise.
                                          ^^^^^^^^^^^

This is my heartache.  Why is it a compromise?  Most use of SHOULD I run into 
in WG's is either this precise one:
        I don't want to make this a MUST use, because I will have deployments 
*THAT ARE NOT FOR THE INTERNET* but I want to market them as if they were.
Example: instant messaging systems for enterprises where tapping is a legal 
requirement, not something to be avoided.
Example: instant messaging systems deployed where governments want to do 
warrantless, undetectable tapping

I would offer neither of these examples are Internet examples, and we should 
get some iron underpants on and say so.

Internet protocols need Internet protections.

SHOULD should neither be a crutch for making a proprietary protocol look like 
an Internet protocol nor for making two proprietary protocols look like a 
single, Internet protocol.

On Aug 30, 2011, at 1:50 PM, Keith Moore wrote:

> On Aug 30, 2011, at 12:46 PM, Eric Burger wrote:
> 
>> Can you give an example of where a dangling SHOULD makes sense?  Most often 
>> I see something like:
>>      SHOULD implement security
>> meaning
>>      SHOULD implement security, unless you do not feel like it or are in an 
>> authoritarian regime that bans security
> 
> That wording doesn't make any sense.  Security implementation should almost 
> always be a MUST, regardless of what any particular government might say.  We 
> shouldn't relax the security requirements of our protocols because of 
> brain-damaged governments (and I include my own country's government in that 
> list).    
> 
> In cases like this it's sometimes important to distinguish between 
> implementation and use.  "MUST implement, SHOULD use" is a common compromise.
> 
> Note also that MUST doesn't mean "you have to do this".   It means "if you 
> don't do this, you don't comply with the specification".
> 
> I don't think the example above is a typical use of SHOULD, though it might 
> be too common.
> 
> Keith
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to