Summary of RFC 2119

Published on – Tags:

RFC 2119 defines key words such as "MUST," "MUST NOT," "REQUIRED" and "SHALL" that are often used in specifications. Here's a summary of the key word definitions.

Some specifications, like Semantic Line Breaks and Semantic Versioning, include this piece of text at the beginning – as RECOMMENDED by RFC 2119:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Here's a summary of what each of the key words mean:

  • "MUST" = "REQUIRED" = "SHALL"
    = An absolute requirement.
  • "MUST NOT" = "SHALL NOT"
    = An absolute prohibition.
  • "SHOULD" = "RECOMMENDED"
    = Ignore only with good reasons.
  • "SHOULD NOT" = "NOT RECOMMENDED"[1]
    = Ignore only with good reasons.
  • "MAY" = "OPTIONAL"
    = Truly optional, but if included, the implementation MUST be interoperable with another implementation which does not include the option, and vice versa.

The RFC also raises these points for specification authors:

  • The key words MUST be used only when required for interoperability or limiting potentially harmful behavior.
  • The security implications between MUST and SHOULD as well as MUST NOT and SHOULD NOT may be very subtle, so the differences SHOULD[2] be elaborated.

Now go read the RFC, it's actually very short and clear.

Footnotes

  1. The key word "NOT RECOMMENDED" is missing from the recommended introductory phrase, but it's paired with "SHOULD NOT" in the RFC. ↩ī¸Ž

  2. The word "should" is not capitalized in this part of the RFC, but it seems like a missed opportunity so I capitalized it. ↩ī¸Ž