Re: I'm struggling with 2219 language again

[Hector Santos <hsantos@isdg.net>]

+1.

I think it is important that we have communications tools for 
documenting strong minimum protocol requirements and we only have 
RFC2119 to make that possible.

Yet, we need to be careful where the lack of RFC2119 upper case 
wordings can be used to leverage an argument for relaxation of 
existing protocols where perhaps only lower case semantics were done.

IMO, where there are multiple protocol state choices or paths and 
where common sense engineering and security functionality is clear, 
upper vs lower should not matter.

I will like to use an example protocol logic I am currently concern 
with that could be altered due to 2119 related debates:

   For protocol state condition A, you may do action B or C.
   If action B is taken, you MUST do D.

So action B has 2119 language to do D.  Part of the 2219 debate is 
that doing action B or C are both optional.

C is not defined, although it could be said it was implied via other 
indirect protocol features:

   You SHOULD do E.

and in a protocol change proposal, it is now:

   You SHOULD do E1 instead of E.

Well, to do E or E1, you have to do C, not B.

Now the history of this is that original drafts/specs (ones some folks 
want us to ignore) did have 2119 language on whether you MAY do B or 
C, and in fact in an extended augmented RFC protocol, it only allowed 
for a MUST action B for protocol condition A.  C was not an option (or 
at least it wasn't stated) in the extended RFC technology.

The problem was the lack of an upper case MAY has provided the notion 
that none of this is normative thus making the action C more possible 
and action B less attractive.

By making C more possible, this makes E more plausible and now that E1 
is a new recommendation and preferred feature than E,  the idea of 
doing action B is now watered down.

The issue is sensitive and honestly, it got to a point where one says 
  "Who cares!?" If they want to watered down B, so be it.  You don't 
need to support it protocol changes nor the newer push to the E1 
recommendation.

The problem for me?

Is why is the security aspects of this do not make it obvious of what 
needs to be done?  We got into anal debate of 2119 language and I even 
recall a few years ago where another debate of the definition of 
SHOULD got a number of people labeled as 2219 illiterates by an AD.

In the example I cited, politics comes into play because you have two 
industry mindsets under protocol condition A:

   1) Those that believe in action B as the more secured action, and
   2) Those that DO NOT believe in action B and prefer C.

There is where a person like myself is left with the idea of waiting 
for WGLC to appeal changes to the protocol that will watered down 
action B.

This is all due because of the lack of 2119 language that many believe 
were naturally in place with just using lower case wordings.

No upper case, therefore action B is weak and that was unfair to 
current implementations that only do action B as its the most secured 
implementation (and less costly) action to protect users.   By 
allowing RFC2119 or stated arguments the protocol lacked 2119 
language, weakens the protocol and makes it more complex for 
implementations to consider action C which can be more harmful if 
certain forms of C making it functionality equivalent (security wise) 
to action B is not done (this is the added complexity).

I'm sure this is a dime a dozen story, but to me it is common to see 
WG chairs, AD and other key cogs throw the proverbial 2119 book at 
developers to help push specs.   IMO, we need it but we also need some 
common sense engineering and consideration to be done when we review 
current docs.  Ignoring existing implementations SHOULD not be one of 
them.

-- 
HLS


Lou Berger wrote:
> 
> On 1/4/2013 12:15 AM, Dean Willis wrote:
> ...
>> Are we deliberately evolving our language to use RFC 2119 terms as
>> the principle verbs  of a formal specification language?
> ...
> 
> My view on this has evolved over time.  I used to follow the practice of
> using 2219 language only for emphasis.  Over time, primarily motivated
> by reviewers comments and reader questions, I've migrated to the
> position that 2119 language should be used whenever and wherever a point
> of conformance is being made.  While this may be a bit of an extreme
> position, it ensures that authors, reviewers, readers, implementors,
> etc. are in sync as to what is expected from an interoperable
> implementation that conforms to a standard.  I think the importance of
> such unambiguity has increased over time as the number of implementors
> and non-native English speakers in our community have increased.
> 
> I also think it's important to follow section 6 of 2119, i.e., if it's
> not a point of interoperability or harmful behavior, there's no need to
> use 2119 conformance language.
> 
> So, my view is now:
> 
> a) lower case usage of 2119 key words *in RFCs* means the normal English
> meaning of such words, but does not place any requirement on
> implementations, i.e., is purely informative text.
> 
> b) upper case usage of 2119 key words *in RFCs*, as stated in [RFC2119],
> places "requirements in the specification", i.e., is conformance
> language with which an implementation must follow to ensure
> interoperability (or harm).  (And does not = shouting as would be the
> case in other contexts).
> 
> I take this view when writing and reviewing PS drafts...
> 
> Lou
> 
>