IETF Logo Mail Archive

Re: Question about BCP 14 / RFC 8174

Simon Josefsson <simon@josefsson.org> Tue, 26 August 2025 07:30 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: ietf@mail2.ietf.org
Delivered-To: ietf@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 53E5B58FF8B0 for <ietf@mail2.ietf.org>; Tue, 26 Aug 2025 00:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.401
X-Spam-Level:
X-Spam-Status: No, score=-4.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="jYf6vK7R"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="U0VlX1/e"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8MvuvfblPl7o for <ietf@mail2.ietf.org>; Tue, 26 Aug 2025 00:30:56 -0700 (PDT)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 13B3B58FF8A4 for <ietf@ietf.org>; Tue, 26 Aug 2025 00:30:55 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=Ogp/ZIso3EWOqF6BXiYUIOZfHR8p8wERpWgU/mFJ9ko=; t=1756193451; x=1757403051; b=jYf6vK7R5N5Who249hzMWBO8L9h+LGqhNuLU3kIvFGYGsgTjDHyya0Q0DML0NiGBQiuHFqhQrYy o2KZyjv/zBg==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=Ogp/ZIso3EWOqF6BXiYUIOZfHR8p8wERpWgU/mFJ9ko=; t=1756193451; x=1757403051; b=U0VlX1/e1VMIvZCw9pHoNDT1xvxmKUXcCssx1qeFslTvXCp793dfQcXRl66fC4sMMybP51FZ89L jp0UGACJSWRWauBD3kBFludMViSkVB1zeXNjhGDDJOS7Or/hAOnS4opRHsyLiPIRSBqWRP8qCmpX9 MMcwjXrryii6Lh/ruQ0+iuJMUqdgryG9/uFH7sS0lZE4r59g0+vzG2qIuM9YTwyt9u+BT4zo6e1Nr 5M2Uq9NQAije5UteZG9Ic2/C/a9d5ghuJZlUYhjeZvLsw89KFKXTzdXrB9IESnP7O3wCqQokfR5RJ j9XaPmWd1lcGnpsVwh6QUk9Md/q75GD/2Iie0nYtrzrkVjY4wZTjqL+esjzgGjrJiel2phu5H/uNN fGo39MibCyeQFUQwFW9Fwn3Ojl9RJS2EtngGWH7/94AR8uli7Jed/OSI+vMNY6cXdlysCLfJa;
Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:44316 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1uqo8n-001gMt-7c; Tue, 26 Aug 2025 07:30:49 +0000
From: Simon Josefsson <simon@josefsson.org>
To: Nico Williams <nico@cryptonector.com>
Subject: Re: Question about BCP 14 / RFC 8174
In-Reply-To: <aKzK5qdwLUHSa3JL@ubby> (Nico Williams's message of "Mon, 25 Aug 2025 15:43:18 -0500")
References: <aKzK5qdwLUHSa3JL@ubby>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:250826:nico@cryptonector.com::FvwO+76q/63F7ogk:6w57
X-Hashcash: 1:23:250826:ietf@ietf.org::/Aj/jFu6tLxtsm3a:QgJV
Date: Tue, 26 Aug 2025 09:26:29 +0200
Message-ID: <878qj67dcq.fsf@josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Message-ID-Hash: U3A7LY4JV3CA46QYR6Q4IXCNE3FV5QKD
X-Message-ID-Hash: U3A7LY4JV3CA46QYR6Q4IXCNE3FV5QKD
X-MailFrom: simon@josefsson.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ietf.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ietf@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
List-Id: "IETF-Discussion. This is the most general IETF mailing list, intended for discussion of technical, procedural, operational, and other topics for which no dedicated mailing lists exist." <ietf.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/u23xhCmFwjZiQVInn6xO3YS4g60>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Owner: <mailto:ietf-owner@ietf.org>
List-Post: <mailto:ietf@ietf.org>
List-Subscribe: <mailto:ietf-join@ietf.org>
List-Unsubscribe: <mailto:ietf-leave@ietf.org>

Nico Williams <nico@cryptonector.com> writes:

> I guess I've been hiding under a rock or something and missed RFC 8174.
> I was... surprised to see that the NEW text specifically refers to "many
> IETF documents" considering that many non-IETF documents also make use
> of BCP 14 terminology.
>
> Of course anyone making use of BCP 14 outside IETF documents can just
> either not mind or elide the IETF specificity, so maybe "who cares".
> But I find this change surprising, and odd.

Isn't the change there to broaden the scope beyond Standards Track?

   === OLD ===
   In many standards track documents several words are used to signify

   === NEW ===
   In many IETF documents, several words, when they are in all capitals

Perhaps the restriction to IETF-only was unintentional.

I think that is a good change, however I think it could have been

  "In many RFC documents, ..."

Because I think it isn't unreasonable to say that not all RFCs are IETF
documents.  And some non-IETF RFCs may make use of the same kind of
clarity related to these keywords.

As you suggest, these phrases are often used outside of the IETF/RFC
process too, and some are arguing that I-D's can have normative archival
status where they also make sense, so relax it even further like this:

  "In many documents, ..."

In fact maybe the paragraph reads better by simply dropping the leading
'In many IETF documents, ' altogether, turning it into:

   === NEW ===
   Several words, when they are in all capitals
   as shown below, are used to signify the requirements in the
   specification.  These capitalized words can bring significant clarity
   and consistency to documents because their meanings are well defined.
   This document defines how those words are interpreted in IETF
   documents when the words are in all capitals.

How about a new bis document that Obsoletes: RFC 2119 + RFC 8174 instead
if doing yet another Updates: document?

Another aspect that is not explained well, and is often misunderstood,
is that these keywords are related to conformance to the actual document
itself.  Sometimes people believe the keywords have bearing on
conformance to something beyond the document itself.  As an example, a
document RFC XYZ saying "You MUST use TLS 1.3 with ROT13 encryption",
without any Updates:/Obsoletes: tags towards the TLS RFCs , does not
alter TLS 1.3 in any way, but any implementation claiming conformance
with RFC XYZ would make that change.  This aspect came up in the SSH
strnup761 document where we were asked to lower-case 'RECOMMENDED' into
'recommended' to avoid having the RFC8174 meaning apply.

/Simon

v2.34.0 | Report a Bug | By Email | System Status