[as an individual]
On 1/2/19 12:10 PM, John R Levine wrote:
The 2119 words MUST and MAY are used to signify requirements;
although that does imply interoperability as well. This statement is
associated with making the verification code functional, since the
verification code represents a signed and typed verification pointer,
it must point to something.
I don't understand why. The code is a signed token. Imagine the
registry goes back to the signer asks about token 123-foo666 and the
answer is "We're the Ministry, we signed it, of course it's valid.
The details are secret."
While that would not be my favorite way to work, and I can easily
imagine other scenarios with auditing and transparency business
requirements, why wouldn't that interoperate?
If we're concerned merely with interoperation, the same is true of most
-- if not all -- normative keywords used in "Security Considerations"
sections. Your position might (or might not) be correct, but the logic
of "2119 language is only used for interoperabilty reasons" simply isn't
true.
/a
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
