IETF Logo Mail Archive

Re: Question about BCP 14 / RFC 8174

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 28 August 2025 23:45 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@mail2.ietf.org
Delivered-To: ietf@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 7A82F5A52F7E for <ietf@mail2.ietf.org>; Thu, 28 Aug 2025 16:45:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sb9jTsvDhWHZ for <ietf@mail2.ietf.org>; Thu, 28 Aug 2025 16:45:56 -0700 (PDT)
Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 1D5215A52F76 for <ietf@ietf.org>; Thu, 28 Aug 2025 16:45:56 -0700 (PDT)
Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-7721b8214d4so1226411b3a.2 for <ietf@ietf.org>; Thu, 28 Aug 2025 16:45:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1756424755; x=1757029555; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=z5eaqo0oneo2Kai3xxVHwB2j0d2bgrGy4earh5/ehFw=; b=Fl0SlYwuaJJGTEcIjapICEXPk4Q63ZJY0sF3soTwL0qGBnB4VZ9mfLGpqC7FBK0Bgv AWeUfjN8hfyb8kIe7/Ufwa1VNku+kG2h3kdFqXqNQTIPbb8kMkZw95pWx+Hbk0V0qFDc x5GN2lBoyTxsNywUEsJsSMGOJDvdnbUs9jTKf4JWBKuU76UHrUE0N9AX5hoH9yW62/0R 6tmW9q4T7JFW4XR4u3dyb/D/89Bk+l+uc2l4GIRwowHYmrAYPJsSYDCY0XgdFDWzrl7d BmN4MxCQywGhXoL0IiU/F6/AGWZcQjd4Z8apcRluoOwi5kTzXiiBoUKYrRizfyn3RzBy fOrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756424755; x=1757029555; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=z5eaqo0oneo2Kai3xxVHwB2j0d2bgrGy4earh5/ehFw=; b=V0XsWrol2mpokgHEugh17HqvuzYlziTR2/e3E8s4vO/iKYgKUi3sg+FIHdJWo/TOuJ ZD1Ir2MHOz/hN4xQAvOcOblqMNX0spCprHzcJl1u8e3j7hb1oUGV8+YXJnT/GlL4l+Vg 1tQT9JjeqYBLqedzteSAoMN4iNFfpCpoaZqVOhsrDDOAF+KsNF/uWaFHAXd6DUG2hZAr HlyMFpN9Wkmn6JzTlPX3TZKH5JFuB+jh5a668ndlzjHYJKo9G5iMv42F8lfCectDbq5p zOR+Vktzy+6S5/+1GXImjwBcNmuW01/fDtjlB1MYJxSyFjbSfzFp2p4M9Lv4ruMGBjrY 9Ipw==
X-Gm-Message-State: AOJu0Yw0QROothtYZVZZZn9xdBpKMb0YU8Nm+pUtZHAYZpnEALgi8xgd rEU4Yzd8Y6pgAhW/G7MJRIgPkD5chfN/XinBErt2dsMSnK0syArj35JKcAnRvQ==
X-Gm-Gg: ASbGncsNf8+iCZqvKl1CV4BGX/vZ+Ls/4Lu7fmOxGsGKTBj8EciHHnpn5YHpGuVNL+W AhSQHN/MWpRPQTVf/zl6ibMx7xln2gLqj7oYUjkXfYSP0pkYMvrmiUPQ2A8iCrDpQc+prG4HkPp /U3ULbST745beByBS7TSch0MXze5qlu3QICvctaTRUKVbeZOKu+h86UsXLMlQTYXqCVkPHZ85i2 X0neYWiLNqpGHXLUOJoDGY3ZpVivWWGY/O7Fsth+Sw3Yt0BdrIxYxjd/+7y0eN1HnZEaN1MTSGv zCbpN4bL4QSZYeweWRzH6gMC2xbqdvO4QW//6X2tcPgJDUOcEu9LrtPOFYqAj19c9Zxzff2ryZL fqahgg1sL6tTmZCTaPcDoANaxqMMExdGlemgWtT7sSBein2XNB2VwEx7Wdsq1qaVD9uMFdvCmPz 49BQzC5AzB4Ad+hwyrZGZjSL23qLX7hSpQ+RE=
X-Google-Smtp-Source: AGHT+IFeBf4zppMhTnQMHG2QFaUA8tfgjBqwVphGdtgLbLcwGmZJU+SZyUDLgu6v+e+BD5EyrGK9fA==
X-Received: by 2002:a05:6a20:33a6:b0:243:98f9:a620 with SMTP id adf61e73a8af0-24398f9c66dmr10627802637.54.1756424755049; Thu, 28 Aug 2025 16:45:55 -0700 (PDT)
Received: from ?IPV6:2404:4400:541d:a600:44b7:2c2e:2bc6:8707? ([2404:4400:541d:a600:44b7:2c2e:2bc6:8707]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-b4cd006e546sm528961a12.4.2025.08.28.16.45.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 28 Aug 2025 16:45:54 -0700 (PDT)
Message-ID: <51f521aa-0b66-4f35-a9b1-815cb92a169e@gmail.com>
Date: Fri, 29 Aug 2025 11:45:50 +1200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Question about BCP 14 / RFC 8174
To: Toerless Eckert <tte@cs.fau.de>
References: <aKzK5qdwLUHSa3JL@ubby> <CAC4RtVASn123qUSuFZg50wL4Nrjebz=QMf5AU=jeZLgQd5fsDg@mail.gmail.com> <9953f535-672f-49de-8b8f-9e1a471d97b8@gmail.com> <aLDiRY6Tw7PTKQoy@faui48e.informatik.uni-erlangen.de>
Content-Language: en-US
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <aLDiRY6Tw7PTKQoy@faui48e.informatik.uni-erlangen.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Message-ID-Hash: BBCESTBCOCWTPWF7EGQCCHSXFIVAH6NJ
X-Message-ID-Hash: BBCESTBCOCWTPWF7EGQCCHSXFIVAH6NJ
X-MailFrom: brian.e.carpenter@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ietf@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/c83Gxgq2Fjnu94tlyW49By_X5Mk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-owner@ietf.org>
List-Post: <mailto:ietf@ietf.org>
List-Subscribe: <mailto:ietf-join@ietf.org>
List-Unsubscribe: <mailto:ietf-leave@ietf.org>

Toerless, I agree with you but again, my concern is not really about MUST/MANDATORY or MAY/OPTIONAL. It's about SHOULD/RECOMMENDED, where it might often be better to write MUST... UNLESS without BCP 14 really being needed.

As in "You SHOULD look both ways before crossing the road" vs "You MUST look both ways before crossing the road UNLESS you are being chased by a grizzly bear." That's the BCP 14 interpretation of SHOULD, but we have often seen evidence of developers interpreting it as "You don't really have to look both ways before crossing the road."

I think operators are much less likely to make that mistake, whether the RFC cites BCP 14 or not.

Regards/Ngā mihi
    Brian Carpenter

On 29-Aug-25 11:12, Toerless Eckert wrote:
> I don't want to spend the time not to find appropriate RFCs, but i think
> there are operational BCP documents that do use BCP14 language.
> 
> I think such use is very useful, but the BCP14 language does not
> really support such a use well. Especially not section 6. limits
> of the use of MUST against interoperability or harm.
> 
> Operators MUST wash their hands before and after touching routers to
> limit propagation of infectuous deseases.
> 
> Ok, that might check off against the harm criteria, but i doubt that
> everybody who writes MUST (NOT) requirements in such a document has
> thought of arguing harm if/when challenged by IETF/IESG review.
> 
> Likewise, we did have for a long time a very limited view of interoperability.
> For example anything between two software entities within the same physical
> box (and hence single vendor! - haha) was not allowed to call on the interop
> justification. Which is why we never standardized (abstract) API in those days...
> Luckily there is evolution in interpretation. Even in IETF.
> 
> I guess if/when push comes to shove, one may even modify the BCP14
> disclaimer specifically for such a document to amend/modify the operational
> conditions deemed appropriate for MUST (NOT) - in this dcocument.
> 
> Cheers
>      Toerless
> 
> Operators MUST NOT
> 
> I think that such use can be highly useful, but iof the language could be useful, but
> especially the that can be useful although the language, especially
> the guidance on MUST does actually constrain the
> 
> On Wed, Aug 27, 2025 at 08:53:56AM +1200, Brian E Carpenter wrote:
>> On 27-Aug-25 03:17, Barry Leiba wrote:
>>> You're not noticing that the OLD text also talks only about IETF
>>> documents by saying "many standards track documents".  The NEW text is
>>> intentionally broader, including all IETF documents -- Informational
>>> and Experimental as well.  That's because we've realized over time
>>> that it's useful to include BCP 14 key words in those also, not just
>>> in standards.
>>
>> Yes. Personally I would always think carefully about whether to use
>> them apart from the standards track, and they have sometimes been
>> confusing when used in documents that are not protocol definitions,
>> but there's no value in attempting to prohibit them.
>>> It was not intentional to say that *only* IETF documents use these.
>>> But we're only writing, here, about and for the IETF, and BCP 14 only
>>> explicitly applies to the IETF.
>>
>> Again, yes. If they prove useful for a non-IETF RFC, that's fine.
>>
>> As far as non-RFC documents go, I don't know about RFC 8174, but
>> RFC 2119 has been cited by hundreds, if not thousands, of other
>> documents. (Random example: "Openid provider authentication
>> policy extension 1.0" from 2008.) I don't know how many of them
>> really use "SHOULD" or "RECOMMENDED" correctly.
>>
>>     Brian
>>
>>>
>>> Barry
>>>
>>> On Mon, Aug 25, 2025 at 4:44 PM Nico Williams <nico@cryptonector.com> wrote:
>>>>
>>>> I guess I've been hiding under a rock or something and missed RFC 8174.
>>>> I was... surprised to see that the NEW text specifically refers to "many
>>>> IETF documents" considering that many non-IETF documents also make use
>>>> of BCP 14 terminology.
>>>>
>>>> Of course anyone making use of BCP 14 outside IETF documents can just
>>>> either not mind or elide the IETF specificity, so maybe "who cares".
>>>> But I find this change surprising, and odd.
>>>>
>>>> Nico
>>>> --
>>>>
>>>
>

v2.34.0 | Report a Bug | By Email | System Status