[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Issue 79; digest-auth realm validation



Avi Lior writes...

> I think that the actions such as informing the operator is 
> informative text and not normative text and therefore we should 
> use lowercase "SHOULD".

Two comments: First, which parts of an RFC are typically considered
informative? The various "Considerations" sections? Others? Second, I
don't think that using lower case to indicate informative usage is a
good idea, as it leads to confusion.
 
> Note that the IMO the whole discussion should be included in the
security
> section.

I guess that depends on whether one wishes to include a solution to the
issues/concerns within the body of the specification, or simply to
lament about the lack of (inability to provide) a solution in the
Security Considerations section.  :-)



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>