WGLC: misused SHOULDs

Mark Nottingham <mnot@mnot.net> Tue, 30 April 2013 01:40 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 64CED21F9BDF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Apr 2013 18:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.705
X-Spam-Status: No, score=-9.705 tagged_above=-999 required=5 tests=[AWL=0.894, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id U6k+F-nkIoCU for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 29 Apr 2013 18:40:42 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org []) by ietfa.amsl.com (Postfix) with ESMTP id 6FE6421F9BFF for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 29 Apr 2013 18:40:41 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UWzYI-0001Vw-5K for ietf-http-wg-dist@listhub.w3.org; Tue, 30 Apr 2013 01:40:18 +0000
Resent-Date: Tue, 30 Apr 2013 01:40:18 +0000
Resent-Message-Id: <E1UWzYI-0001Vw-5K@frink.w3.org>
Received: from lisa.w3.org ([]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UWzY8-0001VA-H2 for ietf-http-wg@listhub.w3.org; Tue, 30 Apr 2013 01:40:08 +0000
Received: from mxout-08.mxes.net ([]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UWzY7-0000Da-I5 for ietf-http-wg@w3.org; Tue, 30 Apr 2013 01:40:08 +0000
Received: from mnot-mini.mnot.net (unknown []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 3089E509B8 for <ietf-http-wg@w3.org>; Mon, 29 Apr 2013 21:39:45 -0400 (EDT)
From: Mark Nottingham <mnot@mnot.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <C77D12C2-A8C4-4648-9486-AC692F138490@mnot.net>
Date: Tue, 30 Apr 2013 11:39:45 +1000
To: HTTP Working Group <ietf-http-wg@w3.org>
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
X-Mailer: Apple Mail (2.1503)
Received-SPF: pass client-ip=; envelope-from=mnot@mnot.net; helo=mxout-08.mxes.net
X-W3C-Hub-Spam-Status: No, score=-4.3
X-W3C-Hub-Spam-Report: AWL=-2.409, BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UWzY7-0000Da-I5 f68fb1e19f4c9eb4140aca3fc9e97a0d
X-Original-To: ietf-http-wg@w3.org
Subject: WGLC: misused SHOULDs
Archived-At: <http://www.w3.org/mid/C77D12C2-A8C4-4648-9486-AC692F138490@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17695
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Reviewing the current specs, I think the following uses of SHOULD are invalid, and should be rewritten.

Please have a look through; barring objections, we'll treat this as editorial.


* 3.5 "In other words, if a server is reading the protocol stream at the beginning of a message and receives a CRLF first, the server SHOULD ignore the CRLF."  <--- duplicate of previous requirement

* 8.3 "Recipients SHOULD carefully limit the extent to which they read other fields, including (but not limited to) request methods, response status phrases, header field-names, and body chunks, so as to avoid denial of service attacks without impeding interoperability." (this is a requirement in Security Considerations, which we avoid elsewhere)

* 8.5 "As such, access traces that are keyed to a specific client should not be published even if the key is pseudonymous."  (lowercase should; change to "ought not")

* 8.5 "minimize the risk of theft or accidental publication, log information should be purged of personally identifiable information,"  (lowercase should; change to "ought")


* 4.3.4 "For example, if the target resource is configured to always have a Content-Type of "text/html" and the representation being PUT has a Content-Type of "image/jpeg", then the origin server SHOULD do one of:"  (requirement in an example; change to "can")

* 5.3.2 "The example... SHOULD be interpreted as..."  (requirement in an example; change to "can")


* 2.1 "However, if a resource has distinct representations that differ only in their metadata, such as might occur with content negotiation over media types that happen to share the same data format, then the origin server SHOULD incorporate additional information in the validator to distinguish those representations and avoid confusing cache behavior."  (change to "needs to")


* 4.1.3 "These SHOULD be combined as..."  

* 4.1.4 "A cache shouldn't attempt to validate a response simply because that response became stale in transit." (lowercase shouldn't; change to "ought not")

* 4.2 "However, if any of the stored responses contains only partial content, the cache shouldn't include its entity-tag in the If-None-Match header field unless the request is for a range that would be fully satisfied by that stored response." (lowercase shouldn't; change to "ought not")


* 4.1 "If a request is authenticated and a realm specified, the same credentials SHOULD be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise, such as credentials that vary according to a challenge value or using synchronized clocks)."  (is a statement of fact; change to "are valid")

Mark Nottingham   http://www.mnot.net/