IETF Logo Mail Archive

Re: [arch-d] deprecating Postel's principle- considered harmful

Henning Schulzrinne <hgs@cs.columbia.edu> Thu, 09 May 2019 00:38 UTC

Return-Path: <hgs10@columbia.edu>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFDCC12014E for <architecture-discuss@ietfa.amsl.com>; Wed, 8 May 2019 17:38:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ZHpEtK9_UyX for <architecture-discuss@ietfa.amsl.com>; Wed, 8 May 2019 17:38:34 -0700 (PDT)
Received: from outprodmail02.cc.columbia.edu (outprodmail02.cc.columbia.edu [128.59.72.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C22C1201DE for <architecture-discuss@ietf.org>; Wed, 8 May 2019 17:38:31 -0700 (PDT)
Received: from hazelnut (hazelnut.cc.columbia.edu [128.59.213.250]) by outprodmail02.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id x490ZoQT043287 for <architecture-discuss@ietf.org>; Wed, 8 May 2019 20:38:30 -0400
Received: from hazelnut (localhost.localdomain [127.0.0.1]) by hazelnut (Postfix) with ESMTP id 0D53C80 for <architecture-discuss@ietf.org>; Wed, 8 May 2019 20:38:30 -0400 (EDT)
Received: from sendprodmail01.cc.columbia.edu (sendprodmail01.cc.columbia.edu [128.59.72.13]) by hazelnut (Postfix) with ESMTP id EBD2282 for <architecture-discuss@ietf.org>; Wed, 8 May 2019 20:38:29 -0400 (EDT)
Received: from mail-ot1-f70.google.com (mail-ot1-f70.google.com [209.85.210.70]) by sendprodmail01.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id x490cTNV013961 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <architecture-discuss@ietf.org>; Wed, 8 May 2019 20:38:29 -0400
Received: by mail-ot1-f70.google.com with SMTP id 72so278381otv.23 for <architecture-discuss@ietf.org>; Wed, 08 May 2019 17:38:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EGQOZ9gBaoxHWNEPYbsDvC0fFIYRBZ+U2atSA9rRmyE=; b=XZDcr8q0EpDkVTb5dvD7Cay/TQQZiODdmd5XBZsI2xi3oiL3QQ74OnvVGdxB33EdM8 9vlKLmoomQlpvUI/fELk62sNfiwYSH7umv4rRxaQhKDbWVx9okv4vStqAhMVjpq7v132 +pkUwqAbfofyT4hBoVono9oZ3ao4hFlVSR3rHGVduMfMKgqQa5PhHbxCO3KwTWYlj9YS 3fhsVW6zcyo+z06bRT8DjjekdP4gwHPz/XjDwJzBoCgKdrhOc8lO7emJmMMQmgYq2bcT JKcOBThGjiv04tVx5WJY/TwQ/5oTpDrC84fAzkoT1EFX8hk2pDHqpu19+1kspVPoVkRi 1UBw==
X-Gm-Message-State: APjAAAUouWcMJq+ve9y6XjkLJPysR8xhjyQCJ6u9ZOnDae/l7fdvyklj fMKBT/AuxJhFU03zhr8sAXfWouT8Lq9IxGl6XRVDpti+h7QkjnYLdKeK7YqHg7IDdqfmEItfkPn d49noW1ylUO0BWdrHREhIiz8pRRGaWQwsOGxW+AAmPFk8p9hVuQ==
X-Received: by 2002:aca:ec0f:: with SMTP id k15mr395246oih.43.1557362308415; Wed, 08 May 2019 17:38:28 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxQK/7o35yOwVOlyEHhgU6hxGZAadCdUc3BGe5jgO6LZ7q5yMQe0h4NGWdHIZAh06x1fz99wxVgUO1Uk8SQbjk=
X-Received: by 2002:aca:ec0f:: with SMTP id k15mr395229oih.43.1557362307976; Wed, 08 May 2019 17:38:27 -0700 (PDT)
MIME-Version: 1.0
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.com> <CAA=duU1TxZx9W8huPp5md25Wf+9=f50WYGpU=Bb1OQ+OdF6k6A@mail.gmail.com> <CACgrgBYs95Q4hb=y-6i7SW9mEx9Bg-gp0TrpAYpsP-aODSx+YA@mail.gmail.com> <eb979c24-e9d2-4ebb-1d4b-94b8c9aa16e1@huitema.net> <CACgrgBahawkXbyXoYHbwYSkfCG9zxn6M8jgwswDpcFjfZVcffw@mail.gmail.com> <6095149F-F4BE-400D-BD1E-F25BC60FDA8A@isc.org>
In-Reply-To: <6095149F-F4BE-400D-BD1E-F25BC60FDA8A@isc.org>
From: Henning Schulzrinne <hgs@cs.columbia.edu>
Date: Wed, 08 May 2019 20:38:01 -0400
Message-ID: <CACgrgBa9O07CHOJg7LsxgHX=TNV1i=vmG8-ByS4kMJpbbsXf-w@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: Christian Huitema <huitema@huitema.net>, "ietf@ietf.org" <ietf@ietf.org>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>, "iab@iab.org" <iab@iab.org>, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>
Content-Type: multipart/alternative; boundary="000000000000276870058869ab8d"
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.84 on 128.59.72.13
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/BOeiWTj9CVFdBjxI8XMhFMpJUoo>
Subject: Re: [arch-d] deprecating Postel's principle- considered harmful
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 May 2019 00:38:36 -0000

I'm glad to hear that this works, at least when there are resources
available to do all the things you did (test site, coordination, outreach,
...). I think it would be helpful if the draft could point to such
examples, and maybe failed examples, of how to get out of the
bad-liberalism condition. I suspect that this is workable where the
dominant implementations are open source and where the open source
developers maintain close ties to the IETF community. Maybe we do need a
protocol police in the IETF :-) ("Sir, do you know that you didn't signal
properly?")

Henning

On Tue, May 7, 2019 at 7:52 PM Mark Andrews <marka@isc.org> wrote:

> The fix for that is to implement the new feature and get customers to log
> bug reports against the other implementation.  It does work.  Even Fortune
> 500 companies listen to their customers.
>
> Implementations can be fixed and with regular update mechanisms in place
> the fixes do get deployed.
>
> In early 2018 the open source DNS vendors declared a flag day on Feb 1,
> 2019.
> We where no longer going to treat timeout as “the server doesn’t
> understand EDNS”.
> I.e. we where intending to deliberately break interoperation with servers
> that
> where stuck in the last century.  We set up a site where you could test
> your
> servers to see if your servers where broken.   We also had that site report
> a whole lot of other EDNS protocol violation.  You got RED if there was a
> fatal fault, ORANGE if any other fault was detected and GREEN if the server
> passed the test queries.  The number of sites which would get RED was << 1
> in
> 10000.
>
> We advertised this flag day, in a number of places.  The testing server got
> overwhelmed and DNS vendors with broken servers got thousands of “this
> site says your product is broken, when are you going to fix it” complaints.
> Implementations got fixed and the fixes got deploy.  This included firewall
> vendors fixing their default blocking rule.
>
> https://ednscomp.isc.org/ has lots of graphs which show failures of
> various
> populations of servers and how things changed in the lead up to Feb 1 and
> later fixes being released and deployed.  In particular
> https://ednscomp.isc.org/compliance/ts/au.optfail.html show Microsoft
> fixing
> their servers (see the “echoed” line).  The Jan 28 was when they fixed
> their
> Azure service.  The drop around April 11 is when fix pushed out in the
> March
> patch Tuesday release started to take effect.
>
> The March 1 failure spike was when one of the links from the testing site
> started dropping DNS UPD packets but passed DNS TCP packets.  It took a
> couple of days to track down the bad (wrong style for the conductor) RJ48
> connector that caused that failure.
>
> > On 8 May 2019, at 8:53 am, Henning Schulzrinne <hgs@cs.columbia.edu>
> wrote:
> >
> > It's kind of the inverse robustness problem - lots of perfectly-well
> documented protocol features are not usable in practice since they break
> "lazy", but important, implementations. The SIP crowd will remember the
> endless discussions about MIME multipart.
> >
> > In those cases, it would probably be wise to simply declare that a
> well-intentioned feature is no longer recommended for new implementations
> and possibly look for alternative options. (We seem to get into the
> circular arguments of "We need X", "use standard mechanism M to do X", "but
> none of the major implementations do M and are unlikely to in the
> foreseeable future", "but we cannot have two ways to do X and M is actually
> a better idea"; wait two years; repeat. Alternative: people develop a
> kludge that kind of works.)
> >
> > The old, rarely-exercised, promotion-to-Draft-Standard step was supposed
> to catch this, but that process protocol path obviously was also rarely
> exercised.
> >
> > Henning
> >
> >
> > And then for a counter example, also related to IPv6. The IPv6 specs
> > allows implementations to insert a variety of intermediate headers
> > between the IPv6 header and the transport packet, but many router
> > implementations just don't like that and slow down or drop packets if
> > such intermediate routers are present. A case where the spec is arguably
> > too permissive, or the implementations too strict.
> >
> > -- Christian Huitema
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>
>

v2.23.0 | Report a Bug | By Email