[rfc-i] RFC2119 requirements language in security considerations?

=JeffH Jeff.Hodges at KingsMountain.com
Tue Mar 29 14:16:50 PDT 2016


AFAICT, there is no "offical" admonition against one using RFC2119 
requirements language in security/privacy considerations sections, e.g...

###
6.  Security Considerations

6.1.  Downgrade Attacks

    ..blah..blah.. The signature algorithm and key length
    used in the foobar of type "bazfratz" MUST match the parameters
    negotiated via [foo] extension.
###

..however, it's been expressed in various places on-lists and verbally that 
some reviewers will object to it, and I was just wondering whether there's 
someplace this guidance and rationale is written down where one can point 
others at it.

thanks,

=JeffH













More information about the rfc-interest mailing list