[Ietf-calsify] Issue 80: security considerations section --
proposal
Aki Niemi
aki.niemi at nokia.com
Thu Jun 14 02:47:20 PDT 2007
ext Reinhold Kainhofer wrote:
>> This is a point that has been discussed a lot. It is true that RFC2119
>> text should only be used when there is an actual implementation choice
>> that is observable from the outside. Here, I agree that a "MUST" is just
>> hand-waiving, so I'm ok making it a "must" instead.
>
> I think it's rather a SHOULD (or a should?). It'a really up to the groupware
> server developers/designers and out of scope for the data format definition.
> If a server team has good reasons against implementing some security measure,
> it's their business, not ours.
Yes, agree. And this is why it says capabilities. It's always in the
admin's or user's discretion whether to turn them on.
Cheers,
Aki
More information about the Ietf-calsify
mailing list