On 15.6.2017 00:31, Joe Touch wrote: > On 6/14/2017 8:41 AM, Petr Špaček wrote: >> To sum it up, decision what is acceptable and what is unacceptable >> should be in protocol developer's hands. > That should be in the specification. > > What the specification leaves open, implementations should respect and > honor as allowed. This is exactly the point where our opinions differ. My point of view is that specification should clearly define extension points and implementations should: a) Use Postel's principle within defined 'extension' points. b) Treat any deviation from documented protocol (including non-defined aspects of protocol outside of extension points) as an error. Nice set of reasons for being strict when receiving messages is described in the following article: "A Patch for Postel's Robustness Principle", Len Sassaman, Meredith L. Patterson, Sergey Bratus, 2012 IEEE S&P Journal, http://langsec.org/papers/postel-patch.pdf Also, the whole web http://langsec.org/ is an interesting read. -- Petr Špaček @ CZ.NIC