Re: [hybi] Versioning is a anti-pattern
Benjamin Black <b@b3k.us> Sat, 04 September 2010 02:50 UTC
Return-Path: <b@b3k.us>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45F8C3A67A6 for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 19:50:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.118
X-Spam-Level:
X-Spam-Status: No, score=-0.118 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fI1jrL6d7XzR for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 19:50:12 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by core3.amsl.com (Postfix) with ESMTP id E92463A6783 for <hybi@ietf.org>; Fri, 3 Sep 2010 19:50:05 -0700 (PDT)
Received: by wyi11 with SMTP id 11so2582110wyi.31 for <hybi@ietf.org>; Fri, 03 Sep 2010 19:50:34 -0700 (PDT)
Received: by 10.216.161.71 with SMTP id v49mr1386432wek.94.1283568634504; Fri, 03 Sep 2010 19:50:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.3.129 with HTTP; Fri, 3 Sep 2010 19:50:14 -0700 (PDT)
From: Benjamin Black <b@b3k.us>
Date: Fri, 03 Sep 2010 19:50:14 -0700
Message-ID: <AANLkTi=5prJsNu1Lugin15EHVfT7OLNtT9NCxMLAonuw@mail.gmail.com>
To: hybi@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [hybi] Versioning is a anti-pattern
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Sep 2010 02:50:15 -0000
On Wed, 3 Sep 2010, Adam Barth wrote: > Versioning has been a big pain point for TLS. Here's a presentation > that outlines some recent implementation experience: > > http://www.ietf.org/proceedings/65/slides/tls-6.pdf > > I encourage you to read through the presentation (it's pretty short). > Having dealt extensively with exactly this problem, I don't see an "anti-pattern" in versioning. To the contrary, properly specified and implemented versioning is very effective in making protocols that are interoperable and extensible (one or the other alone is much easier and does not require versioning). The anti-pattern, as evidenced in TLS and documented in the presentation you reference, is in _under-specifying_ the protocol and not producing a way to _validate compliance_ such that you can produce implementations that are compliant and incompatible. See slide 7 of the presentation for a specific example. Consider BGP4: it is ostensibly versioned, but almost all change effort goes into extensions. In turn, incompatible implementations blow up in exciting, globally destructive ways every few years. Look at the introduction of the capabilities negotiation mechanism (which, admittedly, did not cause _unexpected_ problems) 10 years ago, or the recent IOS bug tickled by researchers (at Duke?) for specific examples. >> HTTP is the primary "web protocol" and AFAIK, its versioning is usually not >> considered a failure. > > The version number in HTTP hasn't been change in a very long time. I > suspect we'd encounter tremendous difficulty if we tried to change it > today. Without delving into the realm of attempting to prove a negative, I suggest this argument is invalid. The fact is the change from 1.0 to 1.1 with HTTP did not result in nearly the raft of incompatible but compliant implementation problems that were seen with SSL and TLS. Protocol versioning can absolutely be done properly. The existence of improper specifications and implementations does not damn versioning in general. Back to lurking, b ps - This sort of voluntary rejection of rigorous specification and compliance is exactly what I dislike about the current Websockets protocol upgrade handshake. It's kind of HTTP, but not quite. Hilarity ensues.
- Re: [hybi] Versioning is a anti-pattern Benjamin Black
- Re: [hybi] Versioning is a anti-pattern David Orchard
- Re: [hybi] Versioning is a anti-pattern Shelby Moore