Re: [arch-d] deprecating Postel's principle- considered harmful

"Andrew G. Malis" <agmalis@gmail.com> Tue, 07 May 2019 20:48 UTC

From: "Andrew G. Malis" <agmalis@gmail.com>
Date: Tue, 07 May 2019 16:48:20 -0400
Message-ID: <CAA=duU1TxZx9W8huPp5md25Wf+9=f50WYGpU=Bb1OQ+OdF6k6A@mail.gmail.com>
To: Barry Leiba <barryleiba@computer.org>
Cc: "BRUNGARD, DEBORAH A" <db3546@att.com>, The IESG <iesg@ietf.org>, "iab@iab.org" <iab@iab.org>, "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/NtwriQhL0drSeLHwOzou9uGa54M>

Barry,

Except in the cases that you cite (badly formed messages in email and web
applications), the Postel principle isn't being followed, as the senders
are not being strict in what they send.

The intention, really, was to prevent implementations of a
particular version of a specification that, for example, had a field or bit
that Must Be Zero, from discarding an incoming message just because that
field or bit wasn't actually zero. This allows a protocol to be updated
without requiring a flag day or forklift.

So what you're trying to prevent is poor application programming that
doesn't follow the spec (any revision). I don't agree that poor application
programming is a result of the Postel principle; it's a result of
incompetence or laziness.

Cheers,
Andy


On Tue, May 7, 2019 at 4:30 PM Barry Leiba <barryleiba@computer.org> wrote:

> I think the questions Deborah raises are layer-dependent, and it's
> likely that I agree with Martin more than Deborah does exactly because
> Martin and I live at the same layers.
>
> > It just erroneously blames Postel for sloppy implementations.
>
> Blaming the principle isn't the same as blaming Postel; the point here
> isn't so much that "Postel was wrong" as it is that there are many
> consequences of adhering to that principle that Jon didn't anticipate.
> The classic cases here are in email and web applications, where what
> one might call "loose" use of the protocols has resulted in some real
> messes.  Acceptance of badly formed messages has led to widespread
> sending of badly formed messages, to the point that it's caused
> problems with the integrity of the email system.  In web applications,
> poor implementation of things like character set and content type
> labelling has resulted in great difficulty in figuring out what
> character sets and content types are really meant.
>
> So the general thing is that if we were *not* liberal in what we
> accepted, from the start, aberrant implementations would never have
> worked in the first place, and would either have been fixed or died on
> the vine.  And that would have been far better for the Internet as a
> whole than what we have now, at least at the higher stack layers.
>
> My sense is that at the lower stack layers, we're *not* actually very
> liberal in what we accept, at least not in general.  Saying, there,
> that the principle we're talking about is correct and good for the
> Internet is really saying that the principle works only when it's used
> sparingly and in targeted ways.
>
> Barry
>
> On Tue, May 7, 2019 at 3:18 PM BRUNGARD, DEBORAH A <db3546@att.com> wrote:
> >
> > Not seeing much discussion on this document on the lists, I put a twist
> > on the title-
> >
> > I find the document (as currently written) is incorrectly interpreting
> > the robustness principle as saying there is no need for clear rules on
> > protocol evolvability/extensions. For example, section 6, "relying on
> > implementations to consistently apply the robustness principle is not a
> > good strategy for extensibility". In the routing area, we do have rules and
> > we use the principle to ensure interoperability, as we don't have the
> > luxury to do a "forklift". Section 8's "it is not always possible to
> > produce a design that allow all current protocol participants to continue
> > to participate", my question would be "but does it harm the network"?
> >
> > Actually most of the document confusingly is not contradicting Postel's
> > principle but supporting it (except for the nuances which seem to condone
> > forklifts). It just erroneously blames Postel for sloppy implementations.
> > For the document to summarize saying "the robustness principle can, and
> > should, be avoided" as it is harmful (I think) will be harmful to the
> > Internet.
> >
> > Hopefully more folks will read it-
> > (probably discussion is more appropriate on the architecture-discuss
> > list)
> > Deborah
> >
> > -----Original Message-----
> > From: IAB <iab-bounces@iab.org> On Behalf Of internet-drafts@ietf.org
> > Sent: Monday, May 06, 2019 10:40 PM
> > To: i-d-announce@ietf.org
> > Cc: iab@iab.org
> > Subject: [IAB] I-D Action: draft-iab-protocol-maintenance-03.txt
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Internet Architecture Board IETF of the
> > IETF.
> >
> >         Title           : The Harmful Consequences of the Robustness Principle
> >         Author          : Martin Thomson
> >         Filename        : draft-iab-protocol-maintenance-03.txt
> >         Pages           : 11
> >         Date            : 2019-05-06
> >
> > Abstract:
> >    Jon Postel's famous statement of "Be liberal in what you accept, and
> >    conservative in what you send" is a principle that has long guided
> >    the design and implementation of Internet protocols.  The posture
> >    this statement advocates promotes interoperability in the short term,
> >    but can negatively affect the protocol ecosystem over time.  For a
> >    protocol that is actively maintained, the robustness principle can,
> >    and should, be avoided.
> >
> >
> > The IETF datatracker status page for this draft is:
> >
> > https://datatracker.ietf.org/doc/draft-iab-protocol-maintenance/
> >
> > There are also htmlized versions available at:
> >
> > https://tools.ietf.org/html/draft-iab-protocol-maintenance-03
> >
> > https://datatracker.ietf.org/doc/html/draft-iab-protocol-maintenance-03
> >
> > A diff from the previous version is available at:
> >
> > https://www.ietf.org/rfcdiff?url2=draft-iab-protocol-maintenance-03
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission until the htmlized version and diff are available at
> > tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> >
> > ftp://ftp.ietf.org/internet-drafts/
> >
>
>
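
Added example, not part of the thread or of the draft: a hypothetical 4-byte header (version, flags, a reserved byte, payload length; all field names and bit assignments are assumptions) parsed by a receiver that either ignores or rejects non-zero Must Be Zero bits. It separates the two cases the messages above discuss: tolerating reserved bits set by a later revision, versus accepting a badly formed message, which this parser rejects under either policy.

```python
import struct

VERSION = 1
KNOWN_FLAGS = 0x1   # hypothetical: the only flag bit this revision defines
MBZ_FLAGS = 0xE     # hypothetical: reserved flag bits, Must Be Zero on send

class Malformed(ValueError):
    """Message violates the framing rules of every revision."""

def build(flags: int, payload: bytes) -> bytes:
    """Sender: strict. Never emits a bit this revision does not define."""
    if flags & ~KNOWN_FLAGS:
        raise ValueError("refusing to send undefined flag bits")
    return struct.pack("!BBH", (VERSION << 4) | flags, 0, len(payload)) + payload

def parse(msg: bytes, reject_nonzero_mbz: bool) -> dict:
    """Receiver: framing is always enforced; only the MBZ policy varies."""
    if len(msg) < 4:
        raise Malformed("short header")
    b0, reserved, length = struct.unpack("!BBH", msg[:4])
    if b0 >> 4 != VERSION:
        raise Malformed("unsupported version")
    if length != len(msg) - 4:
        raise Malformed("length field disagrees with payload size")
    flags = b0 & 0x0F
    nonzero_mbz = bool(flags & MBZ_FLAGS or reserved)
    if nonzero_mbz and reject_nonzero_mbz:
        raise Malformed("reserved bits set")
    # Surface what was ignored so operators can count it instead of hiding it.
    return {"flags": flags & KNOWN_FLAGS, "payload": msg[4:],
            "ignored_mbz": nonzero_mbz}

def accepts(msg: bytes, reject_nonzero_mbz: bool) -> bool:
    try:
        parse(msg, reject_nonzero_mbz)
        return True
    except Malformed:
        return False

# Constructed sample messages.
CURRENT_MSG = build(0x1, b"hello")
# A later revision assigns flag bit 0x2; built by hand since build() refuses it.
UPDATED_MSG = struct.pack("!BBH", (VERSION << 4) | 0x3, 0, 5) + b"hello"
TRUNCATED_MSG = CURRENT_MSG[:-2]   # length field no longer matches the payload

if __name__ == "__main__":
    for name in ("CURRENT_MSG", "UPDATED_MSG", "TRUNCATED_MSG"):
        msg = globals()[name]
        print(name, "ignore-MBZ:", accepts(msg, False), "strict-MBZ:", accepts(msg, True))
```

The `ignored_mbz` result lets a deployment count how often reserved bits arrive set, so tolerance on receive does not turn into invisibility.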