> On Jun 14, 2017, at 3:44 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
>
> On 15/06/2017 08:20, Joel M. Halpern wrote:
> ...
>> I would be very unhappy to see us take the lesson from cases where we
>> were sloppy to be that we should tell everyone to have their
>> implementations break at the slightest error.
>
> Indeed. We need implementations to be as robust as possible. […]
>
> Looking at the core of the draft:
>
>     Protocol designs and implementations should fail noisily in
>     response to bad or undefined inputs.
>
> that seems a very reasonable principle for *prototype* and
> *experimental* implementations, and a lousy one for production
> code, where the response to malformed messages should be much
> more nuanced;

+1

Put another way - the goal of a _specification_ is to coordinate the actions of multiple, independent implementors, across different circumstances, environments, depths of knowledge, etc. etc. etc. The goal of an _implementation_ is to serve its users as best as it can when that coordination is not quite perfect. These are decidedly not the same thing.

cheers,
-john