IETF Logo Mail Archive

Re: [rfc-i] RECOMMENDS

"Andrew G. Malis" <agmalis@gmail.com> Wed, 03 January 2024 16:11 UTC

Return-Path: <agmalis@gmail.com>
X-Original-To: rfc-interest@ietfa.amsl.com
Delivered-To: rfc-interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96D0DC008910 for <rfc-interest@ietfa.amsl.com>; Wed, 3 Jan 2024 08:11:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REXQJmCkfv_H for <rfc-interest@ietfa.amsl.com>; Wed, 3 Jan 2024 08:11:51 -0800 (PST)
Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4D30C14F69B for <rfc-interest@rfc-editor.org>; Wed, 3 Jan 2024 08:11:51 -0800 (PST)
Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-6d9b5c4f332so2491809b3a.3 for <rfc-interest@rfc-editor.org>; Wed, 03 Jan 2024 08:11:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1704298311; x=1704903111; darn=rfc-editor.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/Uz1OhvZXiTJhC/8rd15DLZLGmTjjKuHe8xjJRdKPEQ=; b=dhHTa7YeW2ww/ymYK0CBgzTGDYQm1NyAWJeAHVlMbCBXzvyOE2F4ufLW6aOQ02+Htr +7969fj1VoD4HUXOoyk/zhqFz3xbPVUBKbMGZaSD1LaONgEuvz878GnjpPVaww3/L/6w Da40oTaDKKN8mmjeK3vRb+TqiCetK1HsrH9MpOIIehERwHiHa0PbBBlJX+HalELYKOKT c90yh8/pH8A8CsCwgMyVEPSvIHMlhxvpGXfOECyzFU7xiksCxKU/yjIbKNsDlccv7c0c 6Jouo6UFzrWetQn/10T0JLckOkF2W1pa240apHy1Am0aZhc/5paAn431P1ulhZtHMShy 8vXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704298311; x=1704903111; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/Uz1OhvZXiTJhC/8rd15DLZLGmTjjKuHe8xjJRdKPEQ=; b=b7CJud8cW67MJD+OFuJFmCc5EKfLCYjQa4j47ABS5aKrVolUhwXYCMFkj7ottJjjlf 8gx4nTyyTbDTaFx9TBvZGNJByMF8V3Yr/9WyhZpPbXB/08fknVpvS5HGWyyJn1WAMB6R rCoUBFsa4QTPl2EHFRpFvxam4cmgr+BVQBKRaQr73/hkpFfP1RjaezZYOXI8lSvDAQqE q8/OEII7TzYTEKLq2I/Zv4XC6GZOlc2saJAp6ZCBKLa4T5AZqUiA7FM2iElKHtSDMoyV +j8t8rzF0PIpZtbB0/euCHSS7SsOLn+gcmZOnvxOZFSIZyKgsyQLWzj1Twdrq8aUyPUM NDVA==
X-Gm-Message-State: AOJu0Yy2W71Vy8o5wmODydZpwHGx7lOoIoL4lq7KlnZExwSkjcmXiOeA o1CzCFfiTsbcQcDENf9tGhL1v96T3KYoSUMmO2I=
X-Google-Smtp-Source: AGHT+IGzr81XxmVkSBcGXXLeZU+yiJGPDbM9gCjNOH33IPhjtF5WA7GGWLdBHXuYUCLy+EaQ0FMa46S1huXKvQHe0eQ=
X-Received: by 2002:a05:6a00:17a8:b0:6d9:b484:cb26 with SMTP id s40-20020a056a0017a800b006d9b484cb26mr7872278pfg.32.1704298310907; Wed, 03 Jan 2024 08:11:50 -0800 (PST)
MIME-Version: 1.0
References: <d2c2ffee-1af6-8441-7486-06115542690d@gmail.com> <13079.1704159169@obiwan.sandelman.ca> <ccb81ba5-d09c-a849-c32e-aaaa16cde968@gmail.com> <DM6PR02MB43774EE37D2FCB4C10A581F7D861A@DM6PR02MB4377.namprd02.prod.outlook.com> <c49f652f-e370-4e61-8e14-a8c61079617f@gmx.de> <CANMZLAZu_xTGor6tZdSE3RiW+gRvEN-snYLepgU_HQxL2EgcnQ@mail.gmail.com> <d27bf8eb-9fce-41d2-9895-33d8f0ec9fac@nostrum.com> <18687.1704296479@obiwan.sandelman.ca>
In-Reply-To: <18687.1704296479@obiwan.sandelman.ca>
From: "Andrew G. Malis" <agmalis@gmail.com>
Date: Wed, 03 Jan 2024 11:11:33 -0500
Message-ID: <CAA=duU3rfh07b7uA9N2-TH_X-_LzOwY9RXH0AJv+wWBB35KBuQ@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Brian Carpenter <brian.e.carpenter@gmail.com>, RFC Interest <rfc-interest@rfc-editor.org>
Content-Type: multipart/alternative; boundary="00000000000069bb13060e0cdfb7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rfc-interest/1T6j7ibdmiNHvGy4AD9awJXhxTs>
Subject: Re: [rfc-i] RECOMMENDS
X-BeenThere: rfc-interest@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "A list for discussion of the RFC series and RFC Editor functions." <rfc-interest.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/rfc-interest>, <mailto:rfc-interest-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rfc-interest/>
List-Post: <mailto:rfc-interest@rfc-editor.org>
List-Help: <mailto:rfc-interest-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/rfc-interest>, <mailto:rfc-interest-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2024 16:11:55 -0000

Like Michael, I'm also the author of an RFC (8469) that uses the phrase
"This document RECOMMENDS ...". As Brian noted, we could have used "It is
RECOMMENDED that..." but we preferred the active voice, and obviously the
IESG and RFC Editor had no problem with it. I also agree that it should be
made official.

Cheers,
Andy


On Wed, Jan 3, 2024 at 10:41 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Hmm.
> I'm responsible for the RFC8995 use of RECOMMENDS, in it's full context is:
>
>    Sections 7.2.13 (2009 edition) and 8.10.3 (2018 edition) of [IDevID]
>    discuss keyUsage and extendedKeyUsage extensions in the IDevID
>    certificate.  [IDevID] acknowledges that adding restrictions in the
>    certificate limits applicability of these long-lived certificates.
>    This specification emphasizes this point and therefore RECOMMENDS
>    that no key usage restrictions be included.  This is consistent with
>    [RFC5280], Section 4.2.1.3, which does not require key usage
>    restrictions for end-entity certificates.
>
> in the list that Brian posted, it seems to be the youngest use :-)
>
> We could have worded it:
>    This specification emphasizes this point and therefore it is RECOMMENDED
>    that no key usage restrictions be included.  This is consistent with
>
> There definitely ought to be an "or else" for each SHOULD, and the "or
> else"
> here is that it likely will fail to interoperate with anything that is
> enforcing EKU.  In our case, that is actually what the IDevID document(s)
> say, so we avoided repeating ourself, and I think that's okay.
> Using "SHOULD NOT" we could have written:
>
>    This specification emphasizes this point and key usage restrictions
> SHOULD
>    NOT be included.  This is consistent with...
>
> I think that these revisions would have been just fine.
> I mostly agree with a few people (who unicasted me) that "it's all fine"
>
> Where I agree with Brian: "grep" and non-english speakers who wonder if
> there
> is some difference.  And the XML/HTML markup needs fixing.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> rfc-interest mailing list
> rfc-interest@rfc-editor.org
> https://mailman.rfc-editor.org/mailman/listinfo/rfc-interest
>

v2.23.0 | Report a Bug | By Email