On 6/23/2017 2:25 AM, Dearlove, Christopher (UK) wrote:
> Joe Touch wrote:
>> Liberal means that if it's possibly valid, you should accept it as such.
> That necessitates the protocol designer explicitly flagging some things as invalid.

That's quite typical. Many protocols clearly indicate explicit invalid cases.

> Obvious example is a should-be-signed message lacking a signature. If taking the most liberal view (as above) the protocol needs to say something like "if the signature is missing or invalid, then the message must be rejected".

I don't think that's anything new, I've seen it done.

>
> I can see at least the following cases where making intent clear is, in my opinion at least, a good idea:
> - Security and other sensitive cases of failure. Need to say explicitly reject.

When not specified, "silently ignore" is another option.

> - Mechanisms designed for extensions. While the Postel principle makes it unnecessary to say so, it really doesn't hurt saying that a message shouldn't be rejected just for this reason.

Agreed.

> - Where what you receive is a container of multiple things (messages in a packet, TLVs in a message). Making the assumed dependence/independence clear doesn't hurt (if rejecting/ignoring one, does this impact on the others?).
>
> That's not something that spirals out of control in size, a couple of sentences would cover most cases.

Right - the Postel Principle isn't a license to be lazy in either a protocol spec or implementation.

Joe
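As an added illustration of the three cases listed in the exchange above (this is not code from the thread, from either author, or from any real protocol), here is a toy receiver in Python that spells out each policy instead of leaving it to "be liberal": a missing or invalid signature rejects the whole message, an unknown TLV type is ignored so extensions survive, and a malformed known TLV is dropped on its own because the assumed spec declares TLVs independent. The TLV wire format, the type numbers, the HMAC-SHA256 signature TLV, and the shared key are all constructed assumptions for this example.

```python
import hashlib
import hmac
import struct

# Constructed toy wire format (an assumption for this example, not any real
# protocol): a message is a run of TLVs, each 1-byte type + 1-byte length +
# value, ending in a signature TLV whose value is HMAC-SHA256 over every byte
# that precedes it. Everything here is demo-only, including the shared key.
T_TTL = 0x01        # known type: 1-byte hop count
T_NAME = 0x02       # known type: UTF-8 node name
T_SIGNATURE = 0xFF  # must be last; value is the 32-byte HMAC tag
KEY = b"constructed-demo-key"  # assumed pre-shared key


class Reject(Exception):
    """The (assumed) spec says the whole message MUST be rejected."""


def build(tlvs, key=KEY, sign=True):
    """Sender side: serialise TLVs and (optionally) append the signature TLV."""
    body = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in tlvs)
    if not sign:
        return body
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + struct.pack("!BB", T_SIGNATURE, len(tag)) + tag


def iter_tlvs(buf):
    """Yield (offset, type, value). A framing error poisons the whole container,
    because nothing after a bad length can be delimited reliably."""
    off = 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise Reject("truncated TLV header")
        t, length = struct.unpack_from("!BB", buf, off)
        if off + 2 + length > len(buf):
            raise Reject("TLV length overruns message")
        yield off, t, buf[off + 2:off + 2 + length]
        off += 2 + length


def parse(msg, key=KEY):
    """Receiver side. Returns (fields, ignored) or raises Reject.

    Policy stated explicitly, which is the point of the thread:
      * security failure    -> reject the whole message
      * unknown TLV type    -> ignore that TLV, keep the rest (extension hook)
      * malformed known TLV -> ignore that TLV only (TLVs are independent)
      * framing error       -> reject (later TLVs cannot be delimited)
    """
    seen, sig_off, sig = [], None, None
    for off, t, v in iter_tlvs(msg):
        if t == T_SIGNATURE:
            sig_off, sig = off, v
            break  # anything after the signature TLV would be unsigned
        seen.append((t, v))

    # Security case: say "reject" explicitly rather than relying on "liberal".
    if sig is None:
        raise Reject("signature missing")
    if sig_off + 2 + len(sig) != len(msg):
        raise Reject("trailing bytes after signature")
    expected = hmac.new(key, msg[:sig_off], hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise Reject("signature invalid")

    fields, ignored = {}, []
    for t, v in seen:
        if t == T_TTL:
            if len(v) != 1:
                ignored.append((t, "bad length"))  # independent: skip only this one
                continue
            fields["ttl"] = v[0]
        elif t == T_NAME:
            try:
                fields["name"] = v.decode("utf-8")
            except UnicodeDecodeError:
                ignored.append((t, "not utf-8"))
        else:
            ignored.append((t, "unknown type"))  # extension: ignore, never reject
    return fields, ignored


def verdict(msg, key=KEY):
    """Convenience wrapper: ('accept', fields, ignored) or ('reject', reason)."""
    try:
        fields, ignored = parse(msg, key)
        return ("accept", fields, ignored)
    except Reject as e:
        return ("reject", str(e))


if __name__ == "__main__":
    good = build([(T_TTL, b"\x05"), (T_NAME, b"node-a")])
    print(verdict(good))
    print(verdict(build([(T_TTL, b"\x05")], sign=False)))
    tampered = bytearray(good)
    tampered[2] ^= 0x01  # flip a bit in the TTL value, signature no longer matches
    print(verdict(bytes(tampered)))
    print(verdict(build([(T_TTL, b"\x05"), (0x7E, b"ext"), (T_NAME, b"node-a")])))
```

Note the asymmetry the thread is getting at: the unknown type 0x7E and the wrong-length TTL are both "invalid" in some sense, yet one spec sentence per case decides whether the receiver keeps the rest of the message or throws it away, and a missing signature is never something to be liberal about.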