RFC 2119 in a nutshell

Published on in Miscellaneous

Last updated on

RFC 2119 defines key words such as "MUST," "MUST NOT," "REQUIRED" and "SHALL" that are often used in specifications. Here's a summary of the key word definitions.

Some specifications, like Semantic Line Breaks and Semantic Versioning, include this piece of text at the beginning – as RECOMMENDED by RFC 2119:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Here's a summary of what each of the key words mean:

MUST = REQUIRED = SHALL
An absolute requirement.
MUST NOT = SHALL NOT
An absolute prohibition.
SHOULD = RECOMMENDED
Ignore only with good reasons.
SHOULD NOT = NOT RECOMMENDED[1]
Ignore only with good reasons.
MAY = OPTIONAL
Truly optional, but if included, the implementation MUST be interoperable with another implementation which does not include the option, and vice versa.

The RFC also raises these points for specification authors:

  • The key words MUST be used only when required for interoperability or limiting potentially harmful behavior.
  • The security implications between MUST and SHOULD, as well as between MUST NOT and SHOULD NOT, may be very subtle, so the differences SHOULD[2] be elaborated.

Now go read the RFC, it's actually very short and clear.

Footnotes

  1. The key word "NOT RECOMMENDED" is missing from the recommended introductory phrase, but it's paired with "SHOULD NOT" in the RFC. ↩ī¸Ž

  2. The word "should" is not capitalized in this part of the RFC, but it seems like a missed opportunity so I capitalized it. ↩ī¸Ž