Re: [ldapext] Re: Review of draft-wahl-ldap-adminaddr
On May 30, 2007, at 9:36 AM, Mark Wahl wrote:
Kurt Zeilenga wrote:
I reviewed this draft on behalf of the Apps Area Review team and
the LDAP Directorate.
Thanks for your comments on these drafts! I'll be reviewing your
emails and will respond shortly with more details.
I do find the uses of SHOULD in the Security Consideration section
kind of odd. Use of RFC 2119 keywords should be limited to
specification of implementation requirements.

If so, then RFC 2119 should be revised to incorporate that limitation,
as I don't see that stated in 2119, and I observe in recently published
proposed standard RFCs the use of RFC 2119 terminology in the security
considerations sections to make statements beyond implementation
requirements, e.g., RFC 4875 "Specifications of applications within the
IETF MUST specify this mechanism" or RFC 4872 "RSVP signaling MUST be
able to provide authentication and integrity".

There are plenty of examples of RFC 2119 keywords being oddly used...
(including RFC 2119 itself). As I wasn't intending to start a debate on
use of RFC 2119 keywords, I suggest you can take my RFC 2119 comments as
indicating a concern that the document may not be clear as to whom its
requirements are placed upon. For instance,

"The server's access control policy SHOULD allow this information to
be visible to a suitable administrator in the same organization."

can be taken to mean:

The server SHOULD restrict allowable access control policies to those
which cause this information to be visible to suitable administrators in
the same organization.

Which, if implemented in a server, would be quite bad.

To avoid such confusion, I recommend you only use RFC 2119 keywords to
impart requirements upon implementations of the specification and to
word recommendations to server administrators as guidance.

-- Kurt
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext