[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Security: Words of wisdom from RFC 2119
In the course of researching our approach to normative keywords, I re-read RFC 2119 and noticed this, which I’d previously overlooked, and which I thought you’d all appreciate: 7. Security Considerations These terms are frequently used to specify behavior with security implications. The effects on security of not implementing a MUST or SHOULD, or doing something the specification says MUST NOT or SHOULD NOT be done may be very subtle. Document authors should take the time to elaborate the security implications of not following recommendations or requirements as most implementors will not have had the benefit of the experience and discussion that produced the specification. We did this to some extent when we wrote the spec language to prohibit the use of HTML in rich messages, but Michael has asked me to add some stronger language there. Look for an editorial change in the next few days. Larry |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]