> > On Oct 28, 2017, at 04:00, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote: > > > > Some of us were very badly burned, in one way or another, > > by formal conformance tests of OSI implementations the > > best part of 30 years ago. > It can be argued that improper use of formal description techniques (FDTs) > was one of the main factors that killed off OSI. > http://www.cs.columbia.edu/~hgs/papers/2011/Dagstuhl%2011042.pdf > http://boemund.dagstuhl.de/mat/index.en.phtml?11042 > http://boemund.dagstuhl.de/mat/Files/11/11042/11042.PrasAiko.Slides.pdf You can make that argument, but in the case of email at least, you would be incorrect. The most that can be said is that formal methods did not help. In the case of email, the central problem was the actual protocol design was at odds with reality. Implementing X.400 was expensive and tedious, but we managed. Passing the various required conformance tests was even more tedious, and occasionally nasty because there were a number of cases where the tests were flat-out wrong, and getting the testing folks to look at what the standards actually said was difficult. (It was generally easier to implement options to break our implementation.) But real nightmware was deployment and trying to achieve interoperability. That basically never happened. I still remember the day I realized that the X.400 had failed. It was at a EMA meeting discussing how to make the file transfer body part do something useful. The chair passed around a sign-up sheet, but as he did so said something like, "Be sure to put down your Internet address; most of X.400 addresses you folks provided last time didn't work." When you've botched things to the point where a room full of experts in the field cannot even manage to write down a working address, you're toast. Ned