Re: deprecating Postel's principle- considered harmful

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On May 8, 2019, at 6:13 AM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:



On Wed, 8 May 2019 at 14:18, Joe Touch <touch@xxxxxxxxxxxxxx> wrote:


On May 8, 2019, at 12:05 AM, Dave Cridland <dave@xxxxxxxxxxxx> wrote:

*NONE* of it is about tolerating bugs or errors, nor is it about allowing arbitrary behavior for senders. 


Sure about that?

From RFC 760:

That is, it should be careful to send well-formed datagrams, but should accept any datagram that it can interpret (e.g., not object to technical errors where the meaning is still clear).

The parenthetical example is explicitly stating that a datagram with a technical error should still be accepted.

Your cut off the part about the meaning being clear.

And technical error doesn’t necessarily mean bug. It could mean specification error.

If you stick with the “meaning is clear” part, it’s safe. It’s when we get into what things might, could, or probably mean that there be dragons.

I accept your points, but if the meaning were genuinely unambiguously clear, it'd likely have been in the specification

Take a look at RFC errata; you’ll find many counterexamples. Few (if any) protocol specifications are not exhaustively complete.

- the problem is that when there's some kind of technical error, what is and is not clear becomes very much in the eye of the implementer.

It’s true that the issues often come to light in implementations, but that’s a bit like saying spelling errors are caused by editing.

So while I did indeed fixate on that "technical errors" to the exclusion of "the meaning is still clear", that's because it's the technical error bit that I think is the technical error here.

This is also why I drew attention to the RFC 1122 Section 1.2.2 restatement and lengthy discussion - I don't see anything I could reasonably disagree with there, yet both the first RFC to discuss the principle (RFC 760 above) and the last (RFC 1958) both seem problematic to me.

760 includes “where the meaning is still clear”.

1958 just says “tolerate” - which doesn’t mean “accept as valid”. 

In all cases, IMO the Postel Principle just expresses a level of agnosticism that, at a human level, is often expressed as “give others the benefit of the doubt” (when receiving) and “don’t push your luck” when sending.

When you get deep into trying to infer intent (as some in the IETF have done regarding defending against so-called “attacks” that are indistinguishable from benign errors), you end up in trouble. The same problem occurs if you’re too strict in every exchange in both directions.

Joe
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux