Re: [secdir] secdir review of draft-ietf-appsawg-rrvs-header-field
"Murray S. Kucherawy" <superuser@gmail.com> Thu, 20 March 2014 08:36 UTC
Return-Path: <superuser@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46E671A07C9; Thu, 20 Mar 2014 01:36:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eb_Hmw4jXeFq; Thu, 20 Mar 2014 01:36:52 -0700 (PDT)
Received: from mail-pd0-x22e.google.com (mail-pd0-x22e.google.com [IPv6:2607:f8b0:400e:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id DE2D81A0654; Thu, 20 Mar 2014 01:36:51 -0700 (PDT)
Received: by mail-pd0-f174.google.com with SMTP id y13so603074pdi.5 for <multiple recipients>; Thu, 20 Mar 2014 01:36:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=WIu74Gm2jsspMJsJGvqkManN7Mb9aeLdnQR2nnzJmfE=; b=wBih1gp+lg+yVJ0udBnKc4XWdRqJa3OIG1vXHOE5ayTUCoBLI9hjWJJlIcF1loy/fq oBuGK3fvMLLy0/Yvw86tR50aW2KM9+AWjAqZb9TkkaT68MsTxHG7lYn7kqtDH3Avz570 IbbdZcVkUJROkuPuQtaRwY0a91updPelPpF9M/JiqOMgZFvO3rU+nvhiz7jzS7e5e2oM tSuvh+bViAzPw7N8NvHAnzGy9+1UzPVQp9HZaXVvEfTy4o3xK4IaEQ7tBDhq5jB8kch+ f6nqaLRGKvPoxPanout+fpgrpYuLiXxgpR1Ex4/0Cegzuo6cuhYmxPyn611cZseyTP/w andw==
MIME-Version: 1.0
X-Received: by 10.68.196.202 with SMTP id io10mr23196420pbc.149.1395304603096; Thu, 20 Mar 2014 01:36:43 -0700 (PDT)
Received: by 10.66.220.102 with HTTP; Thu, 20 Mar 2014 01:36:42 -0700 (PDT)
In-Reply-To: <187A7B1DA239514F9146FC78B19AADE30B6CC737@xmb-aln-x10.cisco.com>
References: <187A7B1DA239514F9146FC78B19AADE30B6CAE6A@xmb-aln-x10.cisco.com> <CAL0qLwYqNKmVH8ruEGBoh3A8h04hazda3X2q6ONuQHC4penTCQ@mail.gmail.com> <187A7B1DA239514F9146FC78B19AADE30B6CC737@xmb-aln-x10.cisco.com>
Date: Thu, 20 Mar 2014 01:36:42 -0700
Message-ID: <CAL0qLwYNLuUfYCmwV8dnohZEu_yX9Z883dJoMeo+HPis027gDQ@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: "Shaun Cooley (shcooley)" <shcooley@cisco.com>
Content-Type: multipart/alternative; boundary="e89a8fb208a6389b4204f505ab6a"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/n0Z_tdZnEXaIMcV0fbel0VD2uJ8
Cc: "draft-ietf-appsawg-rrvs-header-field.all@tools.ietf.org" <draft-ietf-appsawg-rrvs-header-field.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-appsawg-rrvs-header-field
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Mar 2014 08:36:54 -0000
On Wed, Mar 19, 2014 at 11:31 PM, Shaun Cooley (shcooley) < shcooley@cisco.com> wrote: > While RFC 3552 ("Guidelines for Writing RFC Text on Security > Considerations") does not specify whether or not Security Considerations > should include normative language, both of the examples in section 6 (SMTP > and VRRP) include normative language: > > > > - 6.1.1.2 - two uses of SHOULD NOT > > - 6.1.1.3 - two uses of SHOULD > > - 6.1.1.7 - two uses of SHOULD > > - 6.2.1.1 - one use of SHOULD > > - 6.2.1.2 - one use of RECOMMENDED > > - 6.2.1.3 - two uses of RECOMMENDED > > > > I don't see why we wouldn't want to include normative language in the > Security Considerations - especially SHOULD. The definition from > BCP14/RFC2119 of "*there may exist valid reasons in particular > circumstances to ignore a particular item, but the full implications must > be understood and carefully weighed before choosing a different course*" > seems like exactly what the Security Considerations are getting at: "the > authors thought about this, and suggest you do X, unless you have a > specific reason and fully understand the implications of not following the > authors' suggestion". > > > I can't recall the exact reason why it's been said that RFC2119 language ought not be used in Security Considerations (or similar) prose, or which document's development cycle brought it up, but my general recollection is that those words were intended to convey aspects of interoperability having to do with protocol elements, and not otherwise. It would appear this opinion has formed since RFC3552 was published, since obviously there's a conflict between them. But like I said, it does seem to vary depending on who and when one is asking. Could also be the person(s) who told me this are actually plain wrong. I'm happy to take direction from the sponsoring AD on this one. -MSK
- [secdir] secdir review of draft-ietf-appsawg-rrvs… Shaun Cooley (shcooley)
- Re: [secdir] secdir review of draft-ietf-appsawg-… Murray S. Kucherawy
- Re: [secdir] secdir review of draft-ietf-appsawg-… Shaun Cooley (shcooley)
- Re: [secdir] secdir review of draft-ietf-appsawg-… Murray S. Kucherawy
- Re: [secdir] secdir review of draft-ietf-appsawg-… Stephen Farrell
- Re: [secdir] secdir review of draft-ietf-appsawg-… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-appsawg-… Barry Leiba
- Re: [secdir] secdir review of draft-ietf-appsawg-… Murray S. Kucherawy
- Re: [secdir] secdir review of draft-ietf-appsawg-… Barry Leiba
- Re: [secdir] secdir review of draft-ietf-appsawg-… Murray S. Kucherawy