fixing MAYs, etc.

[jhdalek55]

I've entered changes identified off-line by @iramcdonald. This removes all the lowercase examples must and may, and uses the uppercase version of SHALL and SHOULD where needed.

[iramcdonald]

Hi Patti,

Yes - it's a very bad idea to use any conformance keywords uncapitalized. They are restricted words in all IETF, ISO, ITU, SAE, TCG, GlobalPlatform, and other international standards. The correct use of conformance keywords and their importance to OEMs has been discussed several times on Uptane Standard calls with a strong consensus to follow international standards usage.

This is of primary importance to enable automotive OEMs to specify the Uptane Standard and Uptane Deployment Best Practices in their RFPs to suppliers.

Cheers,

• Ira

Ira McDonald (Musician / Software Architect)

Chair - SAE Trust Anchors and Authentication TF Co-Chair - TCG Trusted Mobility Solutions WG

Co-Chair - TCG Metadata Access Protocol SG

*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc http://sites.google.com/site/highnorthincmailto: @. @.>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434*

On Thu, Jan 27, 2022 at 12:18 PM Patti Vacek @.***> wrote:

@.**** commented on this pull request.

Y'all know better than me, but is it really such a bad idea to use these words uncapitalized? I think some of these formulations are unnecessarily obtuse without those words.

— Reply to this email directly, view it on GitHub https://github.com/uptane/uptane-standard/pull/233#pullrequestreview-865196176, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE33UO6DU6Q5E5TEO5T763TUYF46VANCNFSM5MWF2RLQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[jhdalek55]

@trishankatdatadog @tkfu @mnm678 or others, can we get a review so we can merge this before Tuesday?

[jhdalek55]

@iramcdonald, can you check Marina's suggestions and let me know we should accept them?

[iramcdonald]

Hi Lois and Marina,

Sorry for missing this one.

DELETE the quote entirely. It's from chapter 6 Guidelines in the use of these Imperatives. I have never seen it quoted before in any IETF, IEEE, SAE, TCG, or other standard that uses RFC 2119 conformance keywords. I don't even think this guidance is correct in the current world - RFC 2119 is 25 years old!

Cheers,

• Ira

Ira McDonald (Musician / Software Architect)

Chair - SAE Trust Anchors and Authentication TF Co-Chair - TCG Trusted Mobility Solutions WG

Co-Chair - TCG Metadata Access Protocol SG

*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc http://sites.google.com/site/highnorthincmailto: @. @.>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434*

On Wed, Feb 2, 2022 at 10:29 PM Lois Anne DeLong @.***> wrote:

@iramcdonald https://github.com/iramcdonald, can you check Marina's suggestions and let me know we should accept them?

— Reply to this email directly, view it on GitHub https://github.com/uptane/uptane-standard/pull/233#issuecomment-1028569389, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE33UO3275OUZCL2WWDVNGTUZHZDBANCNFSM5MWF2RLQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[jhdalek55]

OK. I'll delete the quote and commit the other suggestions.

[iramcdonald]

Hi Lois,

Excellent change - "essential for security" is much broader and more accurate than "required for interoperation" (which ignores confidentiality, availability, etc.).

Cheers,

• Ira

Ira McDonald (Musician / Software Architect)

Chair - SAE Trust Anchors and Authentication TF Co-Chair - TCG Trusted Mobility Solutions WG

Co-Chair - TCG Metadata Access Protocol SG

*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc http://sites.google.com/site/highnorthincmailto: @. @.>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434*

On Thu, Feb 3, 2022 at 9:33 AM Lois Anne DeLong @.***> wrote:

@.**** commented on this pull request.

In uptane-standard.md https://github.com/uptane/uptane-standard/pull/233#discussion_r798623507 :

MAY This word or the adjective "OPTIONAL," mean that an item is truly optional.

In order to be considered Uptane-compliant, an implementation SHALL follow all of these rules as specified in the document.

-Note that, following the recommendations of {{RFC2119}} imperatives of the type defined here "must be used with care and sparingly. In particular, they MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions)

+Note that, following the recommendations of {{RFC2119}}, imperatives of the type defined here "will be used with care and sparingly. In particular, they will only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions)

⬇️ Suggested change

-Note that, following the recommendations of {{RFC2119}}, imperatives of the type defined here "will be used with care and sparingly. In particular, they will only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions)

+Note that, following the recommendations of {{RFC2119}}, imperatives of the type defined here will be used only where they are essential for security.

— Reply to this email directly, view it on GitHub https://github.com/uptane/uptane-standard/pull/233#discussion_r798623507, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE33UO4DUMC2A3X6GVGVGXDUZKG3TANCNFSM5MWF2RLQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[jhdalek55]

@iramcdonald Please check...I had a question here about a SHALL to SHOULD change. If this is OK, we can merge this. We can't finalize the release while this is still together.

[iramcdonald]

Hi Lois,

Sorry - I missed that one in this long thread - yes, I'd change the two SHALLs in this paragraph to SHOULDs, especially because they were originally MAY and also because these are quality-of-implementation checks that might hit edge conditions.

---

+1. The Director SHALLSHOULD check the manifest for accuracy compared to the information in the inventory database. If any of the required checks fail, the Director SHALLSHOULD drop the request. An implementer can make additional checks if desired. At a minimum, the Director SHALL check the following:

---

Cheers,

• Ira

Ira McDonald (Musician / Software Architect)

Chair - SAE Trust Anchors and Authentication TF Co-Chair - TCG Trusted Mobility Solutions WG

Co-Chair - TCG Metadata Access Protocol SG

*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic http://sites.google.com/site/blueroofmusichttp://sites.google.com/site/highnorthinc http://sites.google.com/site/highnorthincmailto: @. @.>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434*

On Wed, Feb 9, 2022 at 1:39 PM Lois Anne DeLong @.***> wrote:

@iramcdonald https://github.com/iramcdonald Please check...I had a question here about a SHALL to SHOULD change. If this is OK, we can merge this. We can't finalize the release while this is still together.

— Reply to this email directly, view it on GitHub https://github.com/uptane/uptane-standard/pull/233#issuecomment-1034076738, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE33UO5Q3XFTAZN33SZRI43U2KYGLANCNFSM5MWF2RLQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[jhdalek55]

Ok. I changed them both to SHOULDs. This commit has now been reviewed. @mnm678 can you please formally approve and then merge?

[jhdalek55]

I think this is ready to merge. I can't do that. Can I get a volunteer to do this?