IETF Logo Mail Archive

Re: [arch-d] I-D Action: draft-iab-protocol-maintenance-08.txt

Martin Thomson <mt@lowentropy.net> Fri, 15 July 2022 01:42 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A026C14F726 for <architecture-discuss@ietfa.amsl.com>; Thu, 14 Jul 2022 18:42:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=XxKE8BqE; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=1sGxm91/
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wLgLkq57qI2R for <architecture-discuss@ietfa.amsl.com>; Thu, 14 Jul 2022 18:42:20 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717D7C16ECD0 for <architecture-discuss@ietf.org>; Thu, 14 Jul 2022 18:42:20 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 44C215C00CC; Thu, 14 Jul 2022 21:42:19 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Thu, 14 Jul 2022 21:42:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:cc:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1657849339; x=1657935739; bh=oC SDp0pDznNU1NlJHJuyUJSjfg9mcaF5YASH6VwvziY=; b=XxKE8BqEYNnOksJvp2 9R5/vZML7//L8OOrATxILFVTQONaEDUqivywHTWaFMYEu9tOEXy69EgHX2qi44pf YO6DyWt9gMBhD0RghhOzHLRtiIyYlRmHCoT0hwaptAT2dxgAM4PqYxW92Ry/7Gq4 SyclyOT5s2gwG7g93JBpFIEYGUVsqPO5t0pSLXvfb0CWgLfC8E3bO/MPOswyqtEJ dXA0Wh2ks9OkCNawQJwnRGJP5qLQ6WGyteLHEPbFGZ6q64thhPXx4cL/9uVpW1uO OuNNuYeC7x7bqaBp73SvXQsQZng+HiUQS2lc9tTZzuxU9USO+k2pr+nrJRv6sCwe N86Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1657849339; x=1657935739; bh=oCSDp0pDznNU1NlJHJuyUJSjfg9m caF5YASH6VwvziY=; b=1sGxm91/1enIgATCEnTd2TQKH6oYzFMJ7plkZHE/XITe LqRsQ3L6tE9qdoX1kunNjSYqhqRzBgBpiHAZZcKGO4o/g6KdCL4DyJfd+Q64w3lK 28lJkNz4xbXt227LDG8gHTiVbZShMx1gMJGqLzaAMzwLrOzayJacLuagYwf5hktH pDAT2cBBoCqQxSq20HYXruplj24hnKvFc4/BlTCB8jqeo1Zggn+SJW9PYxmZK3fb i+kDuQhLqlqkaP1Sup2nzEXJfOHdn3gxGYpvpriIl9z6xaZRUz0ttPMKEeeluRh6 UIcivcE69Xkvk1yeEaPMinabCVrxcOrwwLeWeFUhKg==
X-ME-Sender: <xms:-sXQYlwfkwEA6Mi9lZ-sluAeTr2XkEGxoZyon95Lrp913PmSDEi3Ug> <xme:-sXQYlQel9KauxenW0QX8q3vMJ8vto63HOiI1MfDXJOCRCePyGBNlqtjyeDWfhZXe _j8pmjbUwvr1xY2F-c>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudektddggeekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvvefutgesth dtredtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehl ohifvghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhephfdvtdevuefhieegtd ejgeevkeeutdeujeevueegudektdelgfdvledukeduvdegnecuffhomhgrihhnpehivght fhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhroh hmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:-sXQYvW5ZzQg3b5llsrwQBYmECcvi0rYA6pao1NH7cDFwFSmoT2jWA> <xmx:-sXQYni3-6lgLCR2ITo139yL1sXmwEzTJF1J_NhMdR6-140zJlwRLA> <xmx:-sXQYnCy5vVE-swgZJ9VQMb9U618Q1weh74WCE1sDgu0f7WZrSC18Q> <xmx:-8XQYs45FWji5PLAmNX7zn6YuD7oPnqpZ1Nq1GW2y8ZmS9u7h-eVQg>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id BC1F62340077; Thu, 14 Jul 2022 21:42:18 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-755-g3e1da8b93f-fm-20220708.002-g3e1da8b9
Mime-Version: 1.0
Message-Id: <e4c3342f-1af3-4e07-8ed2-52354719b5fa@beta.fastmail.com>
In-Reply-To: <a13312c7-fb6f-1b25-3a85-f9f34d3f4d49@joelhalpern.com>
References: <165757861882.5604.10456894596583178055@ietfa.amsl.com> <482ad0ea-a64d-5156-445e-9a00ff2a7103@gmail.com> <CABcZeBPPL7a-0RdczMvDUmjwfRRd7qnBb=8nRJQ7Ni4oDJNSJg@mail.gmail.com> <a13312c7-fb6f-1b25-3a85-f9f34d3f4d49@joelhalpern.com>
Date: Fri, 15 Jul 2022 11:41:59 +1000
From: Martin Thomson <mt@lowentropy.net>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Eric Rescorla <ekr@rtfm.com>
Cc: "iab@iab.org IAB" <iab@iab.org>, architecture-discuss@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/HKa30bGCFn9SxCsZ4zYn-sjnbrg>
Subject: Re: [arch-d] I-D Action: draft-iab-protocol-maintenance-08.txt
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jul 2022 01:42:25 -0000

I agree with Joel here.  A lot of this comes down to circumstances.  RFC 7606 shows how BGP does it and there are almost as many different rules as there are TLVs.

But I think the important thing is, as Joel notes again: this needs to be written down so that implementations behave consistently and predictably.  And the spec needs to match what is actually deployed, unlike pre-RFC 7606 BGP where the spec said one thing and basically everyone did something else.

The extensibility piece is pretty well-trodden ground already, but again spec and deployment should agree.

On Fri, Jul 15, 2022, at 11:06, Joel Halpern wrote:
> I suspect that the correct answer from a design perspective depends 
> upon other aspects of the protocol.
>
> It is clearly reasonable for the protocol designers as part of the spec 
> to say "malformed messages MUST be ignore", or even "malformed messages 
> MUST result in a connection reset" (whatever connection means).  if the 
> WG writes that in, then that is the correct response.
>
> Whether the WG should write those rules, or other more permissive 
> rules, depends I expect on the consequences of problems.  For example, 
> one could also write a rule that says that any duplicate or out of 
> order TLVs cause the rest of the TLVs to be ignored".  Thus allowing 
> efficient parsing but not causing as much disruption.  Whether that is 
> right or wrong depends upon the implications of the choices.  
>
> I can imagine a whole range of nuances and possibilities.  
>
> The more interesting case from a protocol robustness point of view is 
> what a receiver should do when everything looks right, but the specific 
> type code is not understood.  I would again hope that the spec answers 
> that question.  But I would also hope and expect implementors to fall 
> back to the robustness principle when and if the spec doesn't say.  
>
> Yours,
>
> Joel
>
> On 7/14/2022 8:46 PM, Eric Rescorla wrote:
>> I'm finding myself a little unsure on where exactly to locate
>> the disagreements here. Perhaps a hypothetical would help.
>> 
>> Suppose we have a protocol that consists of a set of tag-length-values
>> fields. A message consists of a length field followed by a list of
>> TLVs.  The protocol defines the following requirements for how a
>> message is constructed:
>> 
>> 1. A given tag MUST only appear once
>> 2. TLVs MUST appear in ascending tag order (this can help
>>    detect violations of the previous condition)
>> 
>> Question 1: How should implementations behave upon receiving the
>> following messages, absent any other spec guidance?
>> 
>> - Tags: 1, 2, 2  [Violates rule 1]
>> - Tags: 1, 3, 2  [Violates rule 2]
>> 
>> 
>> Question 2: Should we provide specification guidance for how to handle
>> these rule violations, and if so, how?
>> 
>> Question 3: Do you think the answers depend on other properties of the
>> protocol? If so, what are they?
>> 
>> -Ekr
>> 
>>    
>> 
>> On Tue, Jul 12, 2022 at 4:44 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> I still find it hard to accept that there is community consensus for
>>> this document as it stands. Most of what its says is correct but it
>>> still seems to unreasonably claim universal scope.
>>> 
>>> Some suggestions:
>>> 
>>> Title: The Robustness Principle May Have Harmful Consequences
>>> 
>>> Last sentence of Abstract:
>>> For some types of protocol that are actively maintained, the
>>> robustness principle can, and should, be avoided.
>>> 
>>> And a few changes in the main text such as:
>>> OLD:
>>> Time and experience shows that negative consequences to interoperability accumulate over time if implementations apply the robustness principle.
>>> 
>>> NEW:
>>> Time and experience shows that negative consequences to interoperability sometimes accumulate over time if implementations apply the robustness principle.
>>> 
>>> Even with changes like this, I'm not sure everyone will agree.
>>> 
>>> Regards
>>>     Brian Carpenter
>>> 
>>> On 12-Jul-22 10:30, internet-drafts@ietf.org wrote:
>>> > 
>>> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>> > This draft is a work item of the Internet Architecture Board IETF of the IETF.
>>> > 
>>> >          Title           : The Harmful Consequences of the Robustness Principle
>>> >          Authors         : Martin Thomson
>>> >                            David Schinazi
>>> >    Filename        : draft-iab-protocol-maintenance-08.txt
>>> >    Pages           : 15
>>> >    Date            : 2022-07-11
>>> > 
>>> > Abstract:
>>> >     The robustness principle, often phrased as "be conservative in what
>>> >     you send, and liberal in what you accept", has long guided the design
>>> >     and implementation of Internet protocols.  The posture this statement
>>> >     advocates promotes interoperability in the short term, but can
>>> >     negatively affect the protocol ecosystem over time.  For a protocol
>>> >     that is actively maintained, the robustness principle can, and
>>> >     should, be avoided.
>>> > 
>>> > 
>>> > The IETF datatracker status page for this draft is:
>>> > https://datatracker.ietf.org/doc/draft-iab-protocol-maintenance/
>>> > 
>>> > There is also an HTML version available at:
>>> > https://www.ietf.org/archive/id/draft-iab-protocol-maintenance-08.html
>>> > 
>>> > A diff from the previous version is available at:
>>> > https://www.ietf.org/rfcdiff?url2=draft-iab-protocol-maintenance-08
>>> > 
>>> > 
>>> > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>>> > 
>>> > 
>>> > _______________________________________________
>>> > I-D-Announce mailing list
>>> > I-D-Announce@ietf.org
>>> > https://www.ietf.org/mailman/listinfo/i-d-announce
>>> > Internet-Draft directories: http://www.ietf.org/shadow.html
>>> > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>> 
>>> _______________________________________________
>>> Architecture-discuss mailing list
>>> Architecture-discuss@ietf.org
>>> https://www.ietf.org/mailman/listinfo/architecture-discuss
>> 
>> _______________________________________________
>> Architecture-discuss mailing list
>> Architecture-discuss@ietf.org
>> https://www.ietf.org/mailman/listinfo/architecture-discuss
> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss

v2.23.0 | Report a Bug | By Email