IETF Logo Mail Archive

Re: deprecating Postel's principle- considered harmful

Joe Touch <touch@strayalpha.com> Wed, 08 May 2019 14:33 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42CFD12012D for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 07:33:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Level:
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tPhwPYfil50M for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 07:33:52 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F35FD12010C for <ietf@ietf.org>; Wed, 8 May 2019 07:33:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=m9KqCnrllR/UtPYmYw43CTSMM9HanHto9JVzwHLcYfM=; b=N6x11p5Pw/JpdMIK6gYsx0if8 XzERJqJ1d72ZkedERWDDGNLqOH3PgETd1GroSpbh8MVT85ve8Hsn7x6PXFvkcWJh3Xu/XKGFvCxhv ri9FQkSChPh1c+eVoY2ZBSHtdhHznf4N4hUEbUszSj8LW0VmPkLld+C/xauGeT0nksQ0Uo8fYCRfL OKYK7bONiNpGD2wOkhYcIzW4hrswwhbfosizYc3iELALtF8BL/3Cx6hJ9P/jhzagzgaAIoNA0THr4 sL/6FbTqJDaphcmKpCTlq8purYEbmhWi3hGCLw+uSw8HSSHkEfNMsXKFevtK8gIUMIBwrY2Mb4RDY dv5G1wOSw==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:53074 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1hONdh-00371O-Pa; Wed, 08 May 2019 10:33:50 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_D93C9B1C-F082-44D2-9006-77DC41EE4A13"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: deprecating Postel's principle- considered harmful
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <CAKHUCzwdYLT+sY+cSuUC6bNkSn31ouGHXMx2Dj3Gc-ezaf8vyQ@mail.gmail.com>
Date: Wed, 08 May 2019 07:33:45 -0700
Cc: "ietf@ietf.org" <ietf@ietf.org>
Message-Id: <D90A1B4C-D7A2-426E-B05E-BD264D16A9FB@strayalpha.com>
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.com> <DBD4837F-299B-497C-8922-AFF858B06C0F@strayalpha.com> <CAKHUCzwa89Qd6PD2EtkZU1LnT+1ZSsNiMQGAPnu5P_r=bvgMLg@mail.gmail.com> <10DC85D6-A9D1-4B4F-905D-4BD87D2F95EA@strayalpha.com> <CAKHUCzwdYLT+sY+cSuUC6bNkSn31ouGHXMx2Dj3Gc-ezaf8vyQ@mail.gmail.com>
To: Dave Cridland <dave@cridland.net>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/4jAW9GCl1eEWzW8YMaFyrHP8f9I>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 14:33:55 -0000


> On May 8, 2019, at 6:13 AM, Dave Cridland <dave@cridland.net> wrote:
> 
> 
> 
> On Wed, 8 May 2019 at 14:18, Joe Touch <touch@strayalpha.com <mailto:touch@strayalpha.com>> wrote:
> 
> 
> On May 8, 2019, at 12:05 AM, Dave Cridland <dave@cridland.net <mailto:dave@cridland.net>> wrote:
> 
>> *NONE* of it is about tolerating bugs or errors, nor is it about allowing arbitrary behavior for senders. 
>> 
>> 
>> Sure about that?
>> 
>> From RFC 760:
>> 
>> That is, it should be careful to send well-formed datagrams, but should accept any datagram that it can interpret (e.g., not object to technical errors where the meaning is still clear).
>> 
>> The parenthetical example is explicitly stating that a datagram with a technical error should still be accepted.
> 
> Your cut off the part about the meaning being clear.
> 
> And technical error doesn’t necessarily mean bug. It could mean specification error.
> 
> If you stick with the “meaning is clear” part, it’s safe. It’s when we get into what things might, could, or probably mean that there be dragons.
> 
> I accept your points, but if the meaning were genuinely unambiguously clear, it'd likely have been in the specification

Take a look at RFC errata; you’ll find many counterexamples. Few (if any) protocol specifications are not exhaustively complete.

> - the problem is that when there's some kind of technical error, what is and is not clear becomes very much in the eye of the implementer.

It’s true that the issues often come to light in implementations, but that’s a bit like saying spelling errors are caused by editing.

> So while I did indeed fixate on that "technical errors" to the exclusion of "the meaning is still clear", that's because it's the technical error bit that I think is the technical error here.
> 
> This is also why I drew attention to the RFC 1122 Section 1.2.2 restatement and lengthy discussion - I don't see anything I could reasonably disagree with there, yet both the first RFC to discuss the principle (RFC 760 above) and the last (RFC 1958) both seem problematic to me.

760 includes “where the meaning is still clear”.

1958 just says “tolerate” - which doesn’t mean “accept as valid”. 

In all cases, IMO the Postel Principle just expresses a level of agnosticism that, at a human level, is often expressed as “give others the benefit of the doubt” (when receiving) and “don’t push your luck” when sending.

When you get deep into trying to infer intent (as some in the IETF have done regarding defending against so-called “attacks” that are indistinguishable from benign errors), you end up in trouble. The same problem occurs if you’re too strict in every exchange in both directions.

Joe

v2.23.0 | Report a Bug | By Email