[secdir] RFC2119 vs "ought" etc, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

Julian Reschke <julian.reschke@gmx.de> Wed, 30 October 2013 13:10 UTC

To: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>


Thanks for the feedback.

On 2013-10-29 20:35, Stephen Kent wrote:
> ...
> I see that “ought” is used in two places on page 6, but not in uppercase
> as per RFC 6919. The authors should revisit the use of this term here.
> ...
> The end of Section 2.2 includes the word “might” but not uppercase, as
> per RFC 6919. I again suggest that the authors reconsider using this
> term in this context.
> ...
> Section 5.1.2 uses “ought” when discussing definitions for new
> authentication schemes. See comments above re use of this term. The same
> section also uses the phrase “need to” twice, where MUST seems appropriate.
> ...

We use "ought", "might" etc to disambiguate from RFC2119 keywords. As 
such it's intentional that they are not uppercased, and that we do not 
reference RFC 6919 (which, by the way, is dated April 1st).

Best regards, Julian