Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24
Barry Leiba <barryleiba@computer.org> Wed, 30 October 2013 15:04 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E2C811E8267 for <secdir@ietfa.amsl.com>; Wed, 30 Oct 2013 08:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.953
X-Spam-Level:
X-Spam-Status: No, score=-101.953 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XmtKJnVUxULl for <secdir@ietfa.amsl.com>; Wed, 30 Oct 2013 08:04:22 -0700 (PDT)
Received: from mail-qa0-x22d.google.com (mail-qa0-x22d.google.com [IPv6:2607:f8b0:400d:c00::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 3784D21F9D15 for <secdir@ietf.org>; Wed, 30 Oct 2013 08:04:06 -0700 (PDT)
Received: by mail-qa0-f45.google.com with SMTP id ii20so3776569qab.18 for <secdir@ietf.org>; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=2Mp7ePHlaMQUXjGhW/l8RtqTgoU4lMWEPjeV8mkoCKQ=; b=bp38qjw7ALo7lXcR5OLC5hop43t/yzEAfmEzvf1orQMilb03EaZxMKG6/2Q9A+2k9F nHeZRMEuJat/tFMY0GpZ6/RVw/ADbBgVwOJA017ayV1zCAMVtOA+HP+CR8iyJfyPEvWl 9zV1/ZCacPQXi0DQp/m23/1ekHCTJ9ocXZbj7JWIl26RKwc1uSV2Bd8U1FTt377ee3eV u+yoH8DlmjkgaikOu2ob/XM2q99eIc1Xh5ZbAdmU7V2nK5X+HCNHPE8gciQ1M6jfxZL4 KEl2Ch3hnnIdx23iVtc3IOVHH7tX+BSMtZq66S5baSsmmiS3qsQnKc25Wgi5NDaX6Y+O 5gYg==
MIME-Version: 1.0
X-Received: by 10.49.94.72 with SMTP id da8mr7086364qeb.67.1383145445691; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.224.67.130 with HTTP; Wed, 30 Oct 2013 08:04:05 -0700 (PDT)
In-Reply-To: <CAL02cgT+UZ18Lvm68rbKBzTHsfeO9Bf=us0W3a8dsMdc2boA6g@mail.gmail.com>
References: <52700DE4.8020208@bbn.com> <5271051E.4040908@gmx.de> <CAL02cgRdWK77ZCu32KA2p3_5+CrmC9v=fyUMBJXgQrT1qSUz4g@mail.gmail.com> <5271105A.10105@gmx.de> <CAL02cgT+UZ18Lvm68rbKBzTHsfeO9Bf=us0W3a8dsMdc2boA6g@mail.gmail.com>
Date: Wed, 30 Oct 2013 11:04:05 -0400
X-Google-Sender-Auth: EGS89iv12Cn1o2oUfThjkPZwHAc
Message-ID: <CALaySJL8C0zj0Br5x=FzJg1uGSEZiOoU5AEYXALqBvh8NRXREw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Richard Barnes <rlb@ipv.sx>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Pete Resnick <presnick@qti.qualcomm.com>, secdir <secdir@ietf.org>, Julian Reschke <julian.reschke@gmx.de>, "fielding@gbiv.com" <fielding@gbiv.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>, "mnot@pobox.com" <mnot@pobox.com>
Subject: Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2013 15:04:23 -0000
>>> Why do you feel the need to avoid SHOULD and MAY here? They don't place >>> any more burden on implementors than "ought" and "might". >>> --Richard >> >> I believe in following the guidance in RFC 2119: > > The key word there, though, is "imperatives". Nothing we're talking about > here is an imperative, just a recommendation (or RECOMMENDATION). Skimming > through the instances of "ought to" in the document, it seems like they all > meet the definition of "SHOULD" in 2119, i.e., things that implementations > should only diverge from if they have a good reason. (In fact, there are > some that seem like they should be "MUST", but that's a different topic.) First: I think it's a good idea, in a document that defines protocol, to separate the requirements for the protocol from the recommendations for implementation aspects that speak to quality of implementation and user experience, but that don't affect protocol operation (and interoperation). Second, because the use of "should", "must", "may", and "recommended" in lower case is controversial (for reasons that I don't agree with, but never-you-mind that), I think using alternatives (as, for example, proposed here, which was not intended for 1 April publication: http://tools.ietf.org/html/draft-hansen-nonkeywords-non2119 ) is a fine thing. Third, these situations in the httpbis documents *are* things that don't affect the protocol. How should a browser treat [whatever]? Well, a browser that makes bad choices could be considered a crummy browser, so giving advice is good and useful. But the server won't know nor care, so this isn't a protocol issue. I don't think, therefore, that in a protocol document we should use 2119 language for that. Save the 2119 language for the protocol. Fourth, this is starting to get into nitty wordsmithing (the part about whether "ought" is a good word... not the part about whether it's normative or not), which I don't think is really appropriate at this stage of document development. That is, it's fine to bring it up editorial things for the editors to consider, but pushing on them at the expense of time spent on substantive issues doesn't seem wise at this stage. Barry
- [secdir] SECDIR review of draft-ietf-httpbis-p7-a… Stephen Kent
- [secdir] RFC2119 vs "ought" etc, was: SECDIR revi… Julian Reschke
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Julian Reschke
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Richard Barnes
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Julian Reschke
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Stephen Kent
- [secdir] WWW-Authenticate parsing quirks, was: SE… Julian Reschke
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Stephen Kent
- Re: [secdir] SECDIR review of draft-ietf-httpbis-… Julian Reschke
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Richard Barnes
- Re: [secdir] RFC2119 vs "ought" etc, was: SECDIR … Barry Leiba
- [secdir] Reuse of credentials per realm, was: SEC… Julian Reschke
- Re: [secdir] Reuse of credentials per realm, was:… Stephen Kent
- Re: [secdir] Reuse of credentials per realm, was:… Julian Reschke
- [secdir] proxies and forwarding of credentials, w… Julian Reschke
- [secdir] additional mechanisms on top of the auth… Julian Reschke
- Re: [secdir] Reuse of credentials per realm, was:… Stephen Kent
- Re: [secdir] additional mechanisms on top of the … Julian Reschke
- Re: [secdir] additional mechanisms on top of the … Nico Williams
- Re: [secdir] proxies and forwarding of credential… Bjoern Hoehrmann
- Re: [secdir] additional mechanisms on top of the … Bjoern Hoehrmann
- Re: [secdir] additional mechanisms on top of the … Bjoern Hoehrmann
- Re: [secdir] additional mechanisms on top of the … Stephen Kent
- Re: [secdir] additional mechanisms on top of the … Julian Reschke
- Re: [secdir] proxies and forwarding of credential… Stephen Kent
- Re: [secdir] proxies and forwarding of credential… Mark Nottingham
- Re: [secdir] additional mechanisms on top of the … Julian Reschke
- Re: [secdir] proxies and forwarding of credential… Stephen Kent