Re: [rfc-i] RECOMMENDS
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 03 January 2024 15:41 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rfc-interest@ietfa.amsl.com
Delivered-To: rfc-interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC541C31E88B for <rfc-interest@ietfa.amsl.com>; Wed, 3 Jan 2024 07:41:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z4MdRv3TalrJ for <rfc-interest@ietfa.amsl.com>; Wed, 3 Jan 2024 07:41:23 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7289C31E888 for <rfc-interest@rfc-editor.org>; Wed, 3 Jan 2024 07:41:23 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 458EF18010; Wed, 3 Jan 2024 10:41:21 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Rm2IMa0wtWu5; Wed, 3 Jan 2024 10:41:19 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5016F1800C; Wed, 3 Jan 2024 10:41:19 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1704296479; bh=gMJH8CdJjBtsnjXJYAq7FJbZIK/n7tw+G76YvsXaBWw=; h=From:To:Subject:In-Reply-To:References:Date:From; b=k8Kj7YrMtOJ0nHnJqbupblA7eAQKgvddvfyFNgm5sqvErXJRHW74uxryzQParXHud SPNLpYHVd3Jv0kVV9BoPdhP9SZ4LT/zEaIQDC7E6m2FqweLajqG16Ec/HjpYgAVZ3Y d85kwmBeNSbShcv/8fmjIAOl7eDRZJnduBOxdbDUNHCxFqCQ8OyaEoPgdXCt+3Ylvt 0AQlZHoqwegdsUkp90XcPrOjZxF/Zzji+NqpEuAegSkQy7/JInHSPlcQbAhcTTE0gF SrXd7/j6zlZDDC7L12muUW2zkHk8KZrKrgmINpOVjs9m7nbpem/HJS/dsdwXwTbFlp yH48J6pMsCvvw==
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 44D88DA; Wed, 3 Jan 2024 10:41:19 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Robert Sparks <rjsparks@nostrum.com>, Brian Carpenter <brian.e.carpenter@gmail.com>, Julian Reschke <julian.reschke=40gmx.de@dmarc.ietf.org>, RFC Interest <rfc-interest@rfc-editor.org>
In-Reply-To: <d27bf8eb-9fce-41d2-9895-33d8f0ec9fac@nostrum.com>
References: <d2c2ffee-1af6-8441-7486-06115542690d@gmail.com> <13079.1704159169@obiwan.sandelman.ca> <ccb81ba5-d09c-a849-c32e-aaaa16cde968@gmail.com> <DM6PR02MB43774EE37D2FCB4C10A581F7D861A@DM6PR02MB4377.namprd02.prod.outlook.com> <c49f652f-e370-4e61-8e14-a8c61079617f@gmx.de> <CANMZLAZu_xTGor6tZdSE3RiW+gRvEN-snYLepgU_HQxL2EgcnQ@mail.gmail.com> <d27bf8eb-9fce-41d2-9895-33d8f0ec9fac@nostrum.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 28.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 03 Jan 2024 10:41:19 -0500
Message-ID: <18687.1704296479@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rfc-interest/qGC0obZGIfYw-ts6xGtn_A37w5I>
Subject: Re: [rfc-i] RECOMMENDS
X-BeenThere: rfc-interest@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "A list for discussion of the RFC series and RFC Editor functions." <rfc-interest.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/rfc-interest>, <mailto:rfc-interest-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rfc-interest/>
List-Post: <mailto:rfc-interest@rfc-editor.org>
List-Help: <mailto:rfc-interest-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/rfc-interest>, <mailto:rfc-interest-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2024 15:41:28 -0000
Hmm. I'm responsible for the RFC8995 use of RECOMMENDS, in it's full context is: Sections 7.2.13 (2009 edition) and 8.10.3 (2018 edition) of [IDevID] discuss keyUsage and extendedKeyUsage extensions in the IDevID certificate. [IDevID] acknowledges that adding restrictions in the certificate limits applicability of these long-lived certificates. This specification emphasizes this point and therefore RECOMMENDS that no key usage restrictions be included. This is consistent with [RFC5280], Section 4.2.1.3, which does not require key usage restrictions for end-entity certificates. in the list that Brian posted, it seems to be the youngest use :-) We could have worded it: This specification emphasizes this point and therefore it is RECOMMENDED that no key usage restrictions be included. This is consistent with There definitely ought to be an "or else" for each SHOULD, and the "or else" here is that it likely will fail to interoperate with anything that is enforcing EKU. In our case, that is actually what the IDevID document(s) say, so we avoided repeating ourself, and I think that's okay. Using "SHOULD NOT" we could have written: This specification emphasizes this point and key usage restrictions SHOULD NOT be included. This is consistent with... I think that these revisions would have been just fine. I mostly agree with a few people (who unicasted me) that "it's all fine" Where I agree with Brian: "grep" and non-english speakers who wonder if there is some difference. And the XML/HTML markup needs fixing. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [rfc-i] RECOMMENDS Brian E Carpenter
- Re: [rfc-i] RECOMMENDS Carsten Bormann
- Re: [rfc-i] RECOMMENDS Scott Bradner
- Re: [rfc-i] RECOMMENDS tjw ietf
- Re: [rfc-i] RECOMMENDS Brian E Carpenter
- Re: [rfc-i] RECOMMENDS Michael Richardson
- Re: [rfc-i] RECOMMENDS Michael Richardson
- Re: [rfc-i] RECOMMENDS Brian E Carpenter
- Re: [rfc-i] RECOMMENDS HANSEN, TONY
- Re: [rfc-i] RECOMMENDS Julian Reschke
- Re: [rfc-i] RECOMMENDS Brian Carpenter
- Re: [rfc-i] RECOMMENDS Robert Sparks
- Re: [rfc-i] RECOMMENDS Michael Richardson
- Re: [rfc-i] RECOMMENDS Andrew G. Malis
- Re: [rfc-i] RECOMMENDS Bob Hinden
- Re: [rfc-i] RECOMMENDS Julian Reschke
- Re: [rfc-i] RECOMMENDS Brian E Carpenter
- Re: [rfc-i] RECOMMENDS Michael Richardson
- Re: [rfc-i] RECOMMENDS Julian Reschke
- Re: [rfc-i] RECOMMENDS Martin Thomson