OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

sarif message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Security: Words of wisdom from RFC 2119

In the course of researching our approach to normative keywords, I re-read RFC 2119 and noticed this, which I’d previously overlooked, and which I thought you’d all appreciate:

   7. Security Considerations

   These terms are frequently used to specify behavior with security

   implications.  The effects on security of not implementing a MUST or

   SHOULD, or doing something the specification says MUST NOT or SHOULD

   NOT be done may be very subtle. Document authors should take the time

   to elaborate the security implications of not following

   recommendations or requirements as most implementors will not have

   had the benefit of the experience and discussion that produced the



We did this to some extent when we wrote the spec language to prohibit the use of HTML in rich messages, but Michael has asked me to add some stronger language there. Look for an editorial change in the next few days.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]