Re: [arch-d] deprecating Postel's principle- considered harmful
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 08 May 2019 14:03 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1FB3120089; Wed, 8 May 2019 07:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bb0OtwFWiyv5; Wed, 8 May 2019 07:03:04 -0700 (PDT)
Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88491120026; Wed, 8 May 2019 07:03:04 -0700 (PDT)
Received: by mail-oi1-f181.google.com with SMTP id x16so9321376oic.6; Wed, 08 May 2019 07:03:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cfN2iMjqVNIcVnOHcOhsps+NnyRca5E0plA7sYnueeE=; b=YZhy5wIaJxyF00vLOGj0cQjNBCqdyzVvzed1ppmycmtfZnZea3S0olHBjIbGF0aHLk KnCfsmmx66KKJNAZrmiGHUpOKuxnpN/7pyF9vfMWYuh1PumqyeKv/BBLQLi9eLDG+7oy Zwhruy7ejVIP8quPxOvK2OrfRNiI1SHEc9G+mBqN3ZziTPRY4I7V0XD0BuezYEVQoNGY 7Q6aqBjUQsp+5pGkY6Er5hU1ss4cLgJVwlY3NQNUTl4zn2z+qHnV+7i+yotz1zz1g/Kc bFowpoj38Ikga9b2QrNYRPStJnvef7aLgx8YB0snab7XRMjkSoQ3+KRHPy1PwE89ub4k +HrQ==
X-Gm-Message-State: APjAAAVbDrB9zxdv7gi8DlCR67W0kfV72ok0Mst89hEbtCU0aCj2WoLA bnMBZLajngubaF1l36YyBU1Krtt+XcD8P4joOUU=
X-Google-Smtp-Source: APXvYqzMNhZxyS8jOdERlWdVnk7fBx8xAxpt4qWnLHqMIO57OfQwEV8+ndneoK4eSjScJbAHHlDgH6l9DFYFFqbVqs4=
X-Received: by 2002:aca:c348:: with SMTP id t69mr2388250oif.95.1557324183802; Wed, 08 May 2019 07:03:03 -0700 (PDT)
MIME-Version: 1.0
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CAHw9_iKE9SSOK_9AUpoMaS9pGz91LuJr1_HNv0B-6RxT_rb2dw@mail.gmail.com> <BA365F84-3BD8-4B6B-B454-B32E4B6B6D23@piuha.net> <99FE5EE91CE738A39D99CAC2@PSB>
In-Reply-To: <99FE5EE91CE738A39D99CAC2@PSB>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 08 May 2019 10:02:52 -0400
Message-ID: <CAMm+LwgJ6st28ujPAyE87WTa+cqrv4=yRBfw3nLbMiBELhYt7w@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Cc: architecture-discuss@ietf.org, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c6a1b3058860ca5d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/dOeITAjESoXqkIAM2YUFMtIBlZM>
Subject: Re: [arch-d] deprecating Postel's principle- considered harmful
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 14:03:06 -0000
Let's talk about how Disney Studios lost their way. They tried to continue the methods of the great man after he died and it was a disaster. Then they suddenly realized that the great man himself had never done things the way they thought he did. Walt Disney did use storyboards, they were in his head all the time. So now they use storyboards and if you invested in Disney back in 2000 you are a very happy camper right now. We get the end-to-end principle wrapped around the axle in the same way. The argument is much more subtle than most imagine. The real principle being *think* very carefully about where you put complexity. The problems with the robustness principle became clear when we started to try to extend HTML and found that it was almost impossible to do it right because every implementation in the wild handled unknown input in different ways. The issues with SMTP are not the same because we have never really tried to change SMTP in drastic ways and even the incremental extensions are all working around the mass of legacy deployment. My approach is to distinguish reference code from running code and reverse the robustness principle. Reference code should be pedantic in what it accepts and liberal in what it generates. In fact it should perform fuzzing on its outputs deliberately sending maliciously formed messages to test for security vulnerabilities. We live in a different Internet today. There are well funded nation state actors working to break it. That is their job. There is a full blown cyber-war going on out there. The other point I think relevant is that there are limits to re-use of existing code or infrastructure. There comes a time when starting from scratch is not just the best approach, it is the only viable approach. Accepting the robustness principle means this point will be reached sooner.
- Re: [arch-d] deprecating Postel's principle- cons… BRUNGARD, DEBORAH A
- Re: [arch-d] deprecating Postel's principle- cons… Barry Leiba
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Andrew G. Malis
- Re: [arch-d] deprecating Postel's principle- cons… Barry Leiba
- Re: [arch-d] deprecating Postel's principle- cons… Warren Kumari
- Re: [arch-d] deprecating Postel's principle- cons… Tony Li
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Adam Roach
- Re: [arch-d] deprecating Postel's principle- cons… Salz, Rich
- Re: [arch-d] deprecating Postel's principle- cons… Joel M. Halpern
- Re: [arch-d] deprecating Postel's principle- cons… Adam Roach
- Re: [arch-d] [IAB] deprecating Postel's principle… Christian Huitema
- Re: [arch-d] [IAB] deprecating Postel's principle… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Matthew Kerwin
- Re: [arch-d] deprecating Postel's principle- cons… Rich Kulawiec
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] [IAB] deprecating Postel's principle… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Christian Huitema
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Mark Andrews
- Re: [arch-d] deprecating Postel's principle- cons… Paul Wouters
- Re: [arch-d] [IAB] deprecating Postel's principle… Randy Bush
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Jari Arkko
- Re: [arch-d] deprecating Postel's principle- cons… John C Klensin
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Phillip Hallam-Baker
- Re: [arch-d] deprecating Postel's principle- cons… Bless, Roland (TM)
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Henry S. Thompson
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… S Moonesamy
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Bob Briscoe
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Henry S. Thompson