tsvwg / draft-ietf-tsvwg-udp-options

Erik: Inconsistency in Security Considerations regarding not passing FRAG, NOP, and EOL to the upper layer #56

Open Mike-Heard opened 2 months ago

Mike-Heard commented 2 months ago

In https://mailarchive.ietf.org/arch/msg/tsvwg/SjPKGD-yxp2-Cf7TFGyKCCA7e8I/, Erik Auerswald wrote:

There seems to be a small inconsistency at the end of section 24, "Security Considerations":

The second to last paragraph starts with the sentence:

 "Some UDP options are never passed to the receiving application,
  notably FRAG, NOP, and EOL."

But the last paragraph of the same section uses SHOULD instead of MUST for this:

 "Such implementations SHOULD ensure FRAG, NOP, and EOL are not
  passed to the receiving user[...]"

I would expect that "SHOULD" to be a "MUST" for any implementation.

Mike-Heard commented 2 months ago

I concur that this is an error, but I would go further: since FRAG, NOP, and EOL are never passed to the receiving user/application, just change the last sentence to:

Such implementations SHOULD return options in an order not related to their sequence in the received packet.

gorryfair commented 3 days ago

@Mike-Heard This does not read correctly to me: / Such implementations SHOULD return options in an order not related to their sequence in the received packet./