[rfc-i] RFC2119 requirements language in security considerations?

Jeff.Hodges at KingsMountain.com (=JeffH) Tue, 29 March 2016 21:16 UTC

From: Jeff.Hodges at KingsMountain.com (=JeffH)
Date: Tue, 29 Mar 2016 14:16:50 -0700
Subject: [rfc-i] RFC2119 requirements language in security considerations?
Message-ID: <56FAF0C2.6060000@KingsMountain.com>

AFAICT, there is no "offical" admonition against one using RFC2119 
requirements language in security/privacy considerations sections, e.g...

###
6.  Security Considerations

6.1.  Downgrade Attacks

    ..blah..blah.. The signature algorithm and key length
    used in the foobar of type "bazfratz" MUST match the parameters
    negotiated via [foo] extension.
###

..however, it's been expressed in various places on-lists and verbally that 
some reviewers will object to it, and I was just wondering whether there's 
someplace this guidance and rationale is written down where one can point 
others at it.

thanks,

=JeffH

[rfc-i] RFC2119 requirements language in security… =JeffH
[rfc-i] RFC2119 requirements language in security… Paul Hoffman
[rfc-i] RFC2119 requirements language in security… Brian E Carpenter
[rfc-i] RFC2119 requirements language in security… Paul Hoffman
[rfc-i] RFC2119 requirements language in security… Brian E Carpenter