Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24
Barry Leiba <barryleiba@computer.org> Wed, 30 October 2013 15:05 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51DA711E8265 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 30 Oct 2013 08:05:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.074
X-Spam-Level:
X-Spam-Status: No, score=-6.074 tagged_above=-999 required=5 tests=[AWL=3.903, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PKk4jUd9VM23 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 30 Oct 2013 08:05:50 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 882F511E825F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 30 Oct 2013 08:05:45 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1VbXK9-0006HO-Bv for ietf-http-wg-dist@listhub.w3.org; Wed, 30 Oct 2013 15:04:45 +0000
Resent-Date: Wed, 30 Oct 2013 15:04:45 +0000
Resent-Message-Id: <E1VbXK9-0006HO-Bv@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <barryleiba@gmail.com>) id 1VbXK0-0006GZ-5n for ietf-http-wg@listhub.w3.org; Wed, 30 Oct 2013 15:04:36 +0000
Received: from mail-qa0-f49.google.com ([209.85.216.49]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <barryleiba@gmail.com>) id 1VbXJv-0007Eb-9t for ietf-http-wg@w3.org; Wed, 30 Oct 2013 15:04:36 +0000
Received: by mail-qa0-f49.google.com with SMTP id i13so899525qae.8 for <ietf-http-wg@w3.org>; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=2Mp7ePHlaMQUXjGhW/l8RtqTgoU4lMWEPjeV8mkoCKQ=; b=bp38qjw7ALo7lXcR5OLC5hop43t/yzEAfmEzvf1orQMilb03EaZxMKG6/2Q9A+2k9F nHeZRMEuJat/tFMY0GpZ6/RVw/ADbBgVwOJA017ayV1zCAMVtOA+HP+CR8iyJfyPEvWl 9zV1/ZCacPQXi0DQp/m23/1ekHCTJ9ocXZbj7JWIl26RKwc1uSV2Bd8U1FTt377ee3eV u+yoH8DlmjkgaikOu2ob/XM2q99eIc1Xh5ZbAdmU7V2nK5X+HCNHPE8gciQ1M6jfxZL4 KEl2Ch3hnnIdx23iVtc3IOVHH7tX+BSMtZq66S5baSsmmiS3qsQnKc25Wgi5NDaX6Y+O 5gYg==
MIME-Version: 1.0
X-Received: by 10.49.94.72 with SMTP id da8mr7086364qeb.67.1383145445691; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.224.67.130 with HTTP; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
In-Reply-To: <CAL02cgT+UZ18Lvm68rbKBzTHsfeO9Bf=us0W3a8dsMdc2boA6g@mail.gmail.com>
References: <52700DE4.8020208@bbn.com> <5271051E.4040908@gmx.de> <CAL02cgRdWK77ZCu32KA2p3_5+CrmC9v=fyUMBJXgQrT1qSUz4g@mail.gmail.com> <5271105A.10105@gmx.de> <CAL02cgT+UZ18Lvm68rbKBzTHsfeO9Bf=us0W3a8dsMdc2boA6g@mail.gmail.com>
Date: Wed, 30 Oct 2013 11:04:05 -0400
X-Google-Sender-Auth: EGS89iv12Cn1o2oUfThjkPZwHAc
Message-ID: <CALaySJL8C0zj0Br5x=FzJg1uGSEZiOoU5AEYXALqBvh8NRXREw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Richard Barnes <rlb@ipv.sx>
Cc: Julian Reschke <julian.reschke@gmx.de>, Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, "fielding@gbiv.com" <fielding@gbiv.com>, "mnot@pobox.com" <mnot@pobox.com>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="ISO-8859-1"
Received-SPF: pass client-ip=209.85.216.49; envelope-from=barryleiba@gmail.com; helo=mail-qa0-f49.google.com
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-2.682, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1VbXJv-0007Eb-9t 9807f0d1e008d7ccec72bb6e15b8e552
X-Original-To: ietf-http-wg@w3.org
Subject: Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24
Archived-At: <http://www.w3.org/mid/CALaySJL8C0zj0Br5x=FzJg1uGSEZiOoU5AEYXALqBvh8NRXREw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/20208
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
>>> Why do you feel the need to avoid SHOULD and MAY here? They don't place >>> any more burden on implementors than "ought" and "might". >>> --Richard >> >> I believe in following the guidance in RFC 2119: > > The key word there, though, is "imperatives". Nothing we're talking about > here is an imperative, just a recommendation (or RECOMMENDATION). Skimming > through the instances of "ought to" in the document, it seems like they all > meet the definition of "SHOULD" in 2119, i.e., things that implementations > should only diverge from if they have a good reason. (In fact, there are > some that seem like they should be "MUST", but that's a different topic.) First: I think it's a good idea, in a document that defines protocol, to separate the requirements for the protocol from the recommendations for implementation aspects that speak to quality of implementation and user experience, but that don't affect protocol operation (and interoperation). Second, because the use of "should", "must", "may", and "recommended" in lower case is controversial (for reasons that I don't agree with, but never-you-mind that), I think using alternatives (as, for example, proposed here, which was not intended for 1 April publication: http://tools.ietf.org/html/draft-hansen-nonkeywords-non2119 ) is a fine thing. Third, these situations in the httpbis documents *are* things that don't affect the protocol. How should a browser treat [whatever]? Well, a browser that makes bad choices could be considered a crummy browser, so giving advice is good and useful. But the server won't know nor care, so this isn't a protocol issue. I don't think, therefore, that in a protocol document we should use 2119 language for that. Save the 2119 language for the protocol. Fourth, this is starting to get into nitty wordsmithing (the part about whether "ought" is a good word... not the part about whether it's normative or not), which I don't think is really appropriate at this stage of document development. That is, it's fine to bring it up editorial things for the editors to consider, but pushing on them at the expense of time spent on substantive issues doesn't seem wise at this stage. Barry
- Reuse of credentials per realm, was: SECDIR revie… Julian Reschke
- Fwd: SECDIR review of draft-ietf-httpbis-p7-auth-… Julian Reschke
- RFC2119 vs "ought" etc, was: SECDIR review of dra… Julian Reschke
- Re: SECDIR review of draft-ietf-httpbis-p7-auth-24 Julian Reschke
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Julian Reschke
- WWW-Authenticate parsing quirks, was: SECDIR revi… Julian Reschke
- Re: SECDIR review of draft-ietf-httpbis-p7-auth-24 Julian Reschke
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Barry Leiba
- Re: Reuse of credentials per realm, was: SECDIR r… Julian Reschke
- proxies and forwarding of credentials, was: SECDI… Julian Reschke
- additional mechanisms on top of the auth framewor… Julian Reschke
- Re: proxies and forwarding of credentials, was: S… Bjoern Hoehrmann
- Re: additional mechanisms on top of the auth fram… Bjoern Hoehrmann
- Re: additional mechanisms on top of the auth fram… Julian Reschke
- Re: [secdir] additional mechanisms on top of the … Nico Williams
- Re: additional mechanisms on top of the auth fram… Bjoern Hoehrmann
- Re: additional mechanisms on top of the auth fram… Julian Reschke
- Re: proxies and forwarding of credentials, was: S… Mark Nottingham
- Re: additional mechanisms on top of the auth fram… Julian Reschke