On 16/06/2017 17:55, Julian Reschke wrote: > On 2017-06-15 20:28, Bob Hinden wrote: >> .. > I agree. >> >> It also seems to me that having implementations "fail noisily in response to bad or undefined inputs" is a great formula to making implementations very fragile and consequently very easy to attack. Overall, I think the approach outlined in this draft would not have allowed us to build the current Internet. > > ... > > There's a distinction between failing as in "catching fire and > exploding" (bad) and "signalling an error and not processing a request" > (what Martin is describing). That isn't obvious to the casual reader. But anyway, if you are under DDOS attack, signalling an error rather than just releasing the mbuf may be all the difference between system failure and survival*. I think it's very dangerous to generalise. Brian *That's why I often delete emails unread & unanswered :-) > >> Bob >> >> p.s. The file name chosen for this draft appears to be a good example of stepping on the toes of those who came before, instead of standing on their shoulders. See: http://wiki.c2.com/?ShouldersOfGiants > > It was an excellent way to get attention. I think it's excellent that we > are having this discussion. > > Best regards, Julian >