It's been 20 years today (Oct 16, UTC). Hard to believe.

Michael Thomas mike at mtcc.com
Wed Oct 17 20:45:53 UTC 2018


On 10/17/2018 12:43 PM, Florian Weimer wrote:
> * Laszlo Hanyecz:
>
>> On 2018-10-17 02:35, Michael Thomas wrote:
>>> I believe that the IETF party line these days is that Postel was wrong
>>> on this point. Security is one consideration, but there are others.
>> Postel's maxim also allowed extensibility.  If our network code rejects
>> (or crashes) on things we don't currently understand and use, it ensures
>> that they can't be used by apps that come along later either.  The
>> attitude of rejecting everything in the name of security is what has
>> forced app developers to tunnel APIs and everything else inside HTTP/DNS.

Let's be clear: crashing is a software bug. It has nothing to do with 
Postel.

On the extensibility part, that is for the protocol itself to define, 
and it should be explicit. If the protocol says to reject, then you must 
reject. I'm not sure if extensibility is one of the global protocol check 
offs, but it certainly should be part of any standard.

> To be fair, a lot of these components that make extending protocols
> hard are both receivers and senders.  If they are asked to forward
> garbage, then something has to give.

Yes, the protocol should tell you what to do. If it doesn't, it's deficient.

Mike
