RE: I-D Action: draft-thomson-postel-was-wrong-01.txt

Explicitly reject vs silently ignore. I took the latter to be an instance of the latter, because I meant explicit in terms of the specification, not the implementation. Wording could obviously have been better. I could see rejection being noisy, silent or somewhere in between.

-- 
Christopher Dearlove
Senior Principal Engineer
BAE Systems Applied Intelligence Laboratories

-----Original Message-----
From: Joe Touch [mailto:touch@xxxxxxx] 
Sent: 23 June 2017 18:36
To: Dearlove, Christopher (UK); Petr Špaček; ietf@xxxxxxxx
Subject: Re: I-D Action: draft-thomson-postel-was-wrong-01.txt


On 6/23/2017 2:25 AM, Dearlove, Christopher (UK) wrote:
> Joe Touch wrote:
>> Liberal means that if it's possibly valid, you should accept it as such.
> That necessitates the protocol designer explicitly flagging some things as invalid. 
That's quite typical. Many protocols clearly indicate explicit invalid
cases.

> Obvious example is a should be signed message lacking a signature. If taking the most liberal view (as above) the protocol needs to say something like "if the signature is missing or invalid, then the message must be rejected". I don't think that's anything new, I've seen it done.
>
> I can see at least the following cases where making intent clear is, in my opinion at least, a good idea:
> - Security and other sensitive cases of failure. Need to say explicitly reject.
When not specified, "silently ignore" is another option.

> - Mechanisms designed for extensions. While the Postel principle makes it unnecessary to say so, it really doesn't hurt saying that a message shouldn't be rejected just for this reason.
Agreed.
> - Where what you receive is a container of multiple things (messages in a packet, TLVs in a message). Making the assumed dependence/independence clear doesn't hurt (if rejecting/ignoring one, does this impact on the others?).
>
> That's not something that spirals out of control in size, a couple of sentences would cover most cases.
Right - the Postel Principle isn't a license to be lazy in either a
protocol spec or implementation.

Joe
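
The three cases listed in the quoted message (explicit rejection on a security failure, tolerance of extensions, and stated dependence between the items in a container), as an added example that is not part of the original thread. The TLV layout, the type codes, the key and the HMAC-SHA256 trailer are assumptions made for illustration.

```python
import hashlib
import hmac

T_DATA, T_SIG = 0x01, 0x02      # hypothetical TLV type codes
KEY = b"constructed-demo-key"   # constructed sample key, not a real secret

class Reject(Exception):
    """Whole message rejected; the caller chooses noisy or silent handling."""

def tlv(t, v):
    return bytes([t, len(v)]) + v          # 1-byte type, 1-byte length, value

def sign(body):
    return body + tlv(T_SIG, hmac.new(KEY, body, hashlib.sha256).digest())

def parse(msg):
    """Return (data_values, ignored_types) or raise Reject."""
    data, ignored, sig, signed_len, i = [], [], None, 0, 0
    while i < len(msg):
        # Dependence made explicit: broken framing invalidates every TLV.
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise Reject("truncated TLV")
        t, v = msg[i], msg[i + 2:i + 2 + msg[i + 1]]
        if sig is not None:
            raise Reject("TLV after signature")   # signature must come last
        if t == T_SIG:
            sig, signed_len = v, i                # covers all preceding bytes
        elif t == T_DATA:
            data.append(v)
        else:
            ignored.append(t)   # extension point: unknown type is skipped,
                                # the other TLVs are unaffected
        i += 2 + len(v)
    # Security case: the rule is stated, not left to "be liberal".
    if sig is None:
        raise Reject("signature missing")
    expected = hmac.new(KEY, msg[:signed_len], hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise Reject("signature invalid")
    return data, ignored

def verdict(msg):
    try:
        parse(msg)
        return "accept"
    except Reject as e:
        return f"reject: {e}"
```
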