Re: [arch-d] deprecating Postel's principle- considered harmful
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 08 May 2019 14:03 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1FB3120089; Wed, 8 May 2019 07:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bb0OtwFWiyv5; Wed, 8 May 2019 07:03:04 -0700 (PDT)
Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88491120026; Wed, 8 May 2019 07:03:04 -0700 (PDT)
Received: by mail-oi1-f181.google.com with SMTP id x16so9321376oic.6; Wed, 08 May 2019 07:03:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cfN2iMjqVNIcVnOHcOhsps+NnyRca5E0plA7sYnueeE=; b=YZhy5wIaJxyF00vLOGj0cQjNBCqdyzVvzed1ppmycmtfZnZea3S0olHBjIbGF0aHLk KnCfsmmx66KKJNAZrmiGHUpOKuxnpN/7pyF9vfMWYuh1PumqyeKv/BBLQLi9eLDG+7oy Zwhruy7ejVIP8quPxOvK2OrfRNiI1SHEc9G+mBqN3ZziTPRY4I7V0XD0BuezYEVQoNGY 7Q6aqBjUQsp+5pGkY6Er5hU1ss4cLgJVwlY3NQNUTl4zn2z+qHnV+7i+yotz1zz1g/Kc bFowpoj38Ikga9b2QrNYRPStJnvef7aLgx8YB0snab7XRMjkSoQ3+KRHPy1PwE89ub4k +HrQ==
X-Gm-Message-State: APjAAAVbDrB9zxdv7gi8DlCR67W0kfV72ok0Mst89hEbtCU0aCj2WoLA bnMBZLajngubaF1l36YyBU1Krtt+XcD8P4joOUU=
X-Google-Smtp-Source: APXvYqzMNhZxyS8jOdERlWdVnk7fBx8xAxpt4qWnLHqMIO57OfQwEV8+ndneoK4eSjScJbAHHlDgH6l9DFYFFqbVqs4=
X-Received: by 2002:aca:c348:: with SMTP id t69mr2388250oif.95.1557324183802; Wed, 08 May 2019 07:03:03 -0700 (PDT)
MIME-Version: 1.0
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CAHw9_iKE9SSOK_9AUpoMaS9pGz91LuJr1_HNv0B-6RxT_rb2dw@mail.gmail.com> <BA365F84-3BD8-4B6B-B454-B32E4B6B6D23@piuha.net> <99FE5EE91CE738A39D99CAC2@PSB>
In-Reply-To: <99FE5EE91CE738A39D99CAC2@PSB>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Wed, 08 May 2019 10:02:52 -0400
Message-ID: <CAMm+LwgJ6st28ujPAyE87WTa+cqrv4=yRBfw3nLbMiBELhYt7w@mail.gmail.com>
Subject: Re: [arch-d] deprecating Postel's principle- considered harmful
To: John C Klensin <john-ietf@jck.com>
Cc: architecture-discuss@ietf.org, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c6a1b3058860ca5d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/0Td17J8vDRUHYcRzO0xRw4DKwmc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 14:03:06 -0000
Let's talk about how Disney Studios lost their way. They tried to continue the methods of the great man after he died and it was a disaster. Then they suddenly realized that the great man himself had never done things the way they thought he did. Walt Disney did use storyboards, they were in his head all the time. So now they use storyboards and if you invested in Disney back in 2000 you are a very happy camper right now. We get the end-to-end principle wrapped around the axle in the same way. The argument is much more subtle than most imagine. The real principle being *think* very carefully about where you put complexity. The problems with the robustness principle became clear when we started to try to extend HTML and found that it was almost impossible to do it right because every implementation in the wild handled unknown input in different ways. The issues with SMTP are not the same because we have never really tried to change SMTP in drastic ways and even the incremental extensions are all working around the mass of legacy deployment. My approach is to distinguish reference code from running code and reverse the robustness principle. Reference code should be pedantic in what it accepts and liberal in what it generates. In fact it should perform fuzzing on its outputs deliberately sending maliciously formed messages to test for security vulnerabilities. We live in a different Internet today. There are well funded nation state actors working to break it. That is their job. There is a full blown cyber-war going on out there. The other point I think relevant is that there are limits to re-use of existing code or infrastructure. There comes a time when starting from scratch is not just the best approach, it is the only viable approach. Accepting the robustness principle means this point will be reached sooner.
- RE: deprecating Postel's principle- considered ha… BRUNGARD, DEBORAH A
- Re: deprecating Postel's principle- considered ha… Barry Leiba
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: deprecating Postel's principle- considered ha… Andrew G. Malis
- Re: [arch-d] deprecating Postel's principle- cons… Barry Leiba
- Re: deprecating Postel's principle- considered ha… Warren Kumari
- Re: [arch-d] deprecating Postel's principle- cons… Tony Li
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: deprecating Postel's principle- considered ha… Adam Roach
- Re: deprecating Postel's principle- considered ha… Salz, Rich
- Re: deprecating Postel's principle- considered ha… Joel M. Halpern
- Re: deprecating Postel's principle- considered ha… Adam Roach
- Re: [IAB] [arch-d] deprecating Postel's principle… Christian Huitema
- Re: [IAB] [arch-d] deprecating Postel's principle… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Matthew Kerwin
- Re: [arch-d] deprecating Postel's principle- cons… Rich Kulawiec
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] [IAB] deprecating Postel's principle… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Randy Presuhn
- Re: [arch-d] deprecating Postel's principle- cons… Christian Huitema
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Mark Andrews
- Re: deprecating Postel's principle- considered ha… Martin Thomson
- Re: [arch-d] [IAB] deprecating Postel's principle… Randy Bush
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Masataka Ohta
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: [arch-d] deprecating Postel's principle- cons… Jari Arkko
- Re: [arch-d] deprecating Postel's principle- cons… John C Klensin
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Phillip Hallam-Baker
- Re: deprecating Postel's principle- considered ha… Paul Wouters
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: [arch-d] deprecating Postel's principle- cons… Bless, Roland (TM)
- Re: deprecating Postel's principle- considered ha… Paul Wouters
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… John Levine
- Re: [arch-d] deprecating Postel's principle- cons… Keith Moore
- Re: deprecating Postel's principle- considered ha… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Keith Moore
- Re: deprecating Postel's principle- considered ha… John C Klensin
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Martin Thomson
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… S Moonesamy
- Re: [arch-d] deprecating Postel's principle- cons… Lloyd Wood
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Joel M. Halpern
- Re: [arch-d] deprecating Postel's principle- cons… Bob Briscoe
- Re: [arch-d] deprecating Postel's principle- cons… Phillip Hallam-Baker
- Re: [arch-d] deprecating Postel's principle- cons… Masataka Ohta
- Re: [arch-d] deprecating Postel's principle- cons… Aaron Falk
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Henry S. Thompson