zlacker

[parent] [thread] 2 comments
1. dragon+(OP)[view] [source] 2022-01-27 21:37:36
SHOULD NOT and MUST NOT are very different from a compliance perspective.

The former usually means something between nothing at all and “you can do it but you have to write paperwork that no one will actually read in detail, but someone will maybe check the existence of, if you do”.

The latter means “do it and you are noncompliant”.

replies(2): >>dlltho+B4 >>gkop+Yq
2. dlltho+B4[view] [source] 2022-01-27 21:59:17
>>dragon+(OP)
https://datatracker.ietf.org/doc/html/rfc2119 is a good reference, although those precise definitions may or many not be in effect in any particular situation (including this one).

See also https://datatracker.ietf.org/doc/html/rfc6919

3. gkop+Yq[view] [source] 2022-01-27 23:52:27
>>dragon+(OP)
Thanks for pointing out the improvement over NIST, it wasn’t clear to me. But did you mean to reply to my parent? Both the draft and the current language say SHOULD NOT. I’d rather “must”, but will settle for “should”; the NIST docs have certainly made my work easier. Hopefully NIST improves, and perhaps this memo will help!

The essential purpose of my comment was only to correct my parent on the date.

[go to top]