IETF Logo Mail Archive

Re: deprecating Postel's principle - considered harmful

Keith Moore <moore@network-heretics.com> Fri, 10 May 2019 23:14 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF261200F7 for <ietf@ietfa.amsl.com>; Fri, 10 May 2019 16:14:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uMHbtZLiNr07 for <ietf@ietfa.amsl.com>; Fri, 10 May 2019 16:14:55 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9400E1200E3 for <ietf@ietf.org>; Fri, 10 May 2019 16:14:55 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 856CA23E47; Fri, 10 May 2019 19:14:54 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Fri, 10 May 2019 19:14:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=G7ObV4mfWrPscRvemY8e/45n5CxpNDkO/k2ithTfz 8k=; b=toBMEdbzkad6RhPAuEt0T4NG/CTnZyvR5iiHhnTl5yx4lkn6ElRX7pD68 8mz44ezzx+ylTzDHSOzkiNf6fL3rFwJT6PLCciiKKF2E/oXYU1yCjL0AESNxaTk+ elpapbyL5M7XIIfFWR5xxEs633P9RVn0Y5D46R/5D0FdLnW+OPbJhJ7m7uxIY5Ie Bauog0ZADWav1UdynKkDm/yD8Q9MUuXV1gCCeAlgRC31tLL05ZO8pWj5rjAZWBwb pyftJnAgimstsTvEaCHFUG694dtVrQ0O6HD7zWkuNc2PghJp1bkIJ58lyD6i3oUI IQXKBuYPy15zO0MQFJJAQyw1gAp9Q==
X-ME-Sender: <xms:7QXWXB9kMCbevGG01pvPn_zyJHfTecRdY0-ZQ57SNFaJiqTUS0Rxaw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrkeelgddvtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepuffvfhfhkffffgggjggtgfesthekre dttdefjeenucfhrhhomhepmfgvihhthhcuofhoohhrvgcuoehmohhorhgvsehnvghtfiho rhhkqdhhvghrvghtihgtshdrtghomheqnecukfhppedutdekrddvvddurddukedtrdduhe enucfrrghrrghmpehmrghilhhfrhhomhepmhhoohhrvgesnhgvthifohhrkhdqhhgvrhgv thhitghsrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:7QXWXM_h8u-wGc4jtMU9-SProL52Uc2QbHZEsHx1EU7XIlXgHUVfow> <xmx:7QXWXHmBqfw0Hw-CrDuSdvrjr5dycaTYk2o6ZmKxVEtmJ1tjYoV11A> <xmx:7QXWXC12fgk26m3c3YDZ-qMOeDCiCtZCfaV7vHZxcBCF2XVjDc2FhA> <xmx:7gXWXAgmkOoh7TAGspWenB2GLRTiSrUOrEzFDsnX5kmrHvwOHefYBw>
Received: from [192.168.1.66] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 7891B80059; Fri, 10 May 2019 19:14:53 -0400 (EDT)
Subject: Re: deprecating Postel's principle - considered harmful
To: ietf@ietf.org
References: <4255f805-9d9e-10a0-e6be-309779a33d26@network-heretics.com> <CAMm+LwgrVQtjLuwCyeyFpEzNzLwnYhoMjc0POdZSE8MwtetioA@mail.gmail.com> <20190510214417.GY21049@localhost> <CAMm+LwgXPzF0K08jN2y4yY+Uv1879vU1PxJTOoa9y4Jhu5G_Cg@mail.gmail.com> <20190510224746.GZ21049@localhost>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <5da942c1-8f51-4e56-ab24-365a69ec587f@network-heretics.com>
Date: Fri, 10 May 2019 19:14:52 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <20190510224746.GZ21049@localhost>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/5xdZDU-Le4Q-rtoFW66ULGVKXow>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2019 23:14:57 -0000

On 5/10/19 6:47 PM, Nico Williams wrote:

>> MITM proxies introduce their own horrors and they are an example of the
>> cost of trying to remain principled in an unprincipled world. We could do
>> MITM in a much better way than we have ended up with. But we can't come to
>> consensus on a protocol of that sort.
> Consensus isn't the problem.  The problem is that HTTP/1.x was so
> trivial to implement (bash + printf + nc can do it) that there are too
> many "stacks" in which to implement something new, so it can't be done.

Number of implementations (which can be related to ease of 
implementations) is something that I suspect affects which of EKR's 
equilibrium points the situation ends up in.   A protocol that's easy to 
implement should be considered a success, IMO, but it does make it 
harder to evolve the protocol.

(These days there's a bit of religious dogma floating around the idea 
that everyone should keep all of their protocol stacks current.   While 
I understand the sentiment, and often agree in specific cases, I'm not 
sure it scales well especially into the IoT world.   There's something 
to be said for a protocol that's so well-designed and stable that it 
doesn't need to be upgraded, and stable enough that it's worth spending 
the time to get the implementation right the first time.  I'm sure some 
people regard that as heresy, but there are lots of negative 
consequences associated with constantly having to have upgrades, 
including increased development/maintenance cost, increased 
interoperability failures, and increased vendor lockin.)

> This is also why 3xx redirect-based authentication methods are winning
> over as-originally-intended 401 / WWW-Authenticate / Authorization
> methods.  It's easier to implement redirect chasing than to implement a
> pluggable authentication method framework.  (Also, it's easier on server
> devs to use redirects.)  I just wish 3xx and 401 weren't mutually
> exclusive.  I posted to art@ietf.org a few weeks ago about that got no
> replies, sadly.

It has long seemed to me that the early available 401-based methods (by 
which I mean the ones available in browsers from mid to late 1990s) 
failed largely because of their inflexibility and relatively poor user 
experience provided by the browsers, and especially because avoiding 401 
altogether and using redirects and cookies instead allowed each site to 
customize the login user experience.   Then the latter became widely 
held mindshare that redirects and cookies are how you do 
authentication.   Which is very unfortunate, because cookies are an 
absolute disaster and it's very hard to see how to get rid of them.  
(Even though at least some of their problems were obvious from the 
start, and IETF tried to fix them multiple times.)

Keith

v2.23.0 | Report a Bug | By Email