Re: deprecating Postel's principle- considered harmful
John C Klensin <john-ietf@jck.com> Wed, 08 May 2019 23:59 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D8D120071 for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 16:59:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DgUoYuN4kK5P for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 16:59:30 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 354C6120045 for <ietf@ietf.org>; Wed, 8 May 2019 16:59:30 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1hOWT8-000548-FJ; Wed, 08 May 2019 19:59:26 -0400
Date: Wed, 08 May 2019 19:59:20 -0400
From: John C Klensin <john-ietf@jck.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Joe Touch <touch@strayalpha.com>, Dave Cridland <dave@cridland.net>
cc: ietf@ietf.org
Subject: Re: deprecating Postel's principle- considered harmful
Message-ID: <805F602FCADEA9254B53B84B@PSB>
In-Reply-To: <5cf4c378-c7f2-4e8e-2d9c-957a3ab08b15@gmail.com>
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.c om> <DBD4837F-299B-497C-8922-AFF858B06C0F@strayalpha.com> <CAKHUCzwa89Qd6PD2EtkZU1LnT+1ZSsNiMQGAPnu5P_r=bvgMLg@mail.gmail.com> <10DC85D6-A9D1-4B4F-905D-4BD87D2F95EA@strayalpha.com> <CAKHUCzwdYLT+sY+cSuUC6bNkSn31ouGHXMx2Dj3Gc-ezaf8vyQ@mail.gmail.com> <D90A1B4C-D7A2-426E-B05E-BD264D16A9FB@strayalpha.com> <5cf4c378-c7f2-4e8e-2d9c-957a3ab08b15@gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/OIyraTH3s5WmYaDafvywx67JWaQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 23:59:33 -0000
--On Thursday, May 9, 2019 11:04 +1200 Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: > But yes, the word "tolerate" was carefully chosen. It doesn't > say "ignore buffer overflow errors" or "use heuristics to > guess what the sender meant". It means "don't throw a fatal > exception when something unexpected arrives." And it suggests > silent discard unless an error message "is required by the > specification". That's entirely consistent with the RFC1122 > text that Roland quoted. > > We'd better stick to "don't throw a fatal exception when > something unexpected arrives" unless we want several billion > unhappy users. An observation that goes a little beyond the robustness principle (but this threat seems to be have already drifted off it)... It may be useful to remember that one of the oldest and most important principles in the design of what were then called human interfaces to computers is that, when an error occurs, the result should, if at all possible, provide information about the cause, rather than either having the program freeze up or die or generating an error message with the same information content as "you lose". As with the robustness principle, failure to engage in thinking when apply this design principle often has unfortunate effects, there may be sound reasons for deciding how much information is too much, and a good interpretation of the principle may be different for the kinds and layers of protocols and implementations covered by 1122 than might be the case for those associated for 1123. But none of those considerations would be good reasons to discard or deprecate the principle itself. Doing so, like doing so with the robustness principle, would almost certainly cause serious harm to the perceived quality and usefulness of our protocols and, in particular (as others have suggested in other contexts) would increase customer support costs for those the user community holds responsible when things don't work sufficiently to cause protocol specifications to be either rejected in practice or for non-conforming, but less costly to support, alternatives to be introduced. best, john john
- RE: deprecating Postel's principle- considered ha… BRUNGARD, DEBORAH A
- Re: deprecating Postel's principle- considered ha… Barry Leiba
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: deprecating Postel's principle- considered ha… Andrew G. Malis
- Re: [arch-d] deprecating Postel's principle- cons… Barry Leiba
- Re: deprecating Postel's principle- considered ha… Warren Kumari
- Re: [arch-d] deprecating Postel's principle- cons… Tony Li
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: deprecating Postel's principle- considered ha… Adam Roach
- Re: deprecating Postel's principle- considered ha… Salz, Rich
- Re: deprecating Postel's principle- considered ha… Joel M. Halpern
- Re: deprecating Postel's principle- considered ha… Adam Roach
- Re: [IAB] [arch-d] deprecating Postel's principle… Christian Huitema
- Re: [IAB] [arch-d] deprecating Postel's principle… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Matthew Kerwin
- Re: [arch-d] deprecating Postel's principle- cons… Rich Kulawiec
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] [IAB] deprecating Postel's principle… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Randy Presuhn
- Re: [arch-d] deprecating Postel's principle- cons… Christian Huitema
- Re: [arch-d] deprecating Postel's principle- cons… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Mark Andrews
- Re: deprecating Postel's principle- considered ha… Martin Thomson
- Re: [arch-d] [IAB] deprecating Postel's principle… Randy Bush
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Masataka Ohta
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: [arch-d] deprecating Postel's principle- cons… Jari Arkko
- Re: [arch-d] deprecating Postel's principle- cons… John C Klensin
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Phillip Hallam-Baker
- Re: deprecating Postel's principle- considered ha… Paul Wouters
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: deprecating Postel's principle- considered ha… Dave Cridland
- Re: [arch-d] deprecating Postel's principle- cons… Bless, Roland (TM)
- Re: deprecating Postel's principle- considered ha… Paul Wouters
- Re: deprecating Postel's principle- considered ha… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… John Levine
- Re: [arch-d] deprecating Postel's principle- cons… Keith Moore
- Re: deprecating Postel's principle- considered ha… Brian E Carpenter
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Keith Moore
- Re: deprecating Postel's principle- considered ha… John C Klensin
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Stephen Farrell
- Re: [arch-d] deprecating Postel's principle- cons… Joe Touch
- Re: [arch-d] deprecating Postel's principle- cons… Martin Thomson
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… S Moonesamy
- Re: [arch-d] deprecating Postel's principle- cons… Lloyd Wood
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Carsten Bormann
- Re: [arch-d] deprecating Postel's principle- cons… Eliot Lear
- Re: [arch-d] deprecating Postel's principle- cons… Joel M. Halpern
- Re: [arch-d] deprecating Postel's principle- cons… Bob Briscoe
- Re: [arch-d] deprecating Postel's principle- cons… Phillip Hallam-Baker
- Re: [arch-d] deprecating Postel's principle- cons… Masataka Ohta
- Re: [arch-d] deprecating Postel's principle- cons… Aaron Falk
- Re: [arch-d] deprecating Postel's principle- cons… Henning Schulzrinne
- Re: [arch-d] deprecating Postel's principle- cons… Henry S. Thompson