Searching for a quote
mike at mtcc.com
Fri Mar 13 07:17:02 UTC 2015
On 03/12/2015 11:52 PM, Eygene Ryabinkin wrote:
> Thu, Mar 12, 2015 at 05:31:54PM -0700, Michael Thomas wrote:
>> Jon Postel. I'm told that it is out of favor these days in protocol-land,
>> from a security standpoint if nothing else.
> The principle has nothing to do with security: it doesn't mean "accept
> all junk that comes in". It is about interoperability of different
> implementation and means "use the smallest possible subset of the
> protocol when you're sending, but be prepared to accept any subset
> of protocol messages when you're receiving". Eric Allman's ACM paper,
> is a good reading for this, I believe.
The original principle had little thought toward security, and i was
there for the row for which Eric's paper was almost certainly inspired by
(started it, actually). In the early days, a lot of people to took it as
trying very hard to make sense of the broken -- far beyond rfc 2119's
musts and shoulds. A lot of people regret that now for a lot of reasons,
including security. I still have mixed emotions about abandoning it.
More information about the NANOG