IETF Logo Mail Archive

Re: deprecating Postel's principle- considered harmful

John C Klensin <john-ietf@jck.com> Wed, 08 May 2019 23:59 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24D8D120071 for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 16:59:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DgUoYuN4kK5P for <ietf@ietfa.amsl.com>; Wed, 8 May 2019 16:59:30 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 354C6120045 for <ietf@ietf.org>; Wed, 8 May 2019 16:59:30 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1hOWT8-000548-FJ; Wed, 08 May 2019 19:59:26 -0400
Date: Wed, 08 May 2019 19:59:20 -0400
From: John C Klensin <john-ietf@jck.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Joe Touch <touch@strayalpha.com>, Dave Cridland <dave@cridland.net>
cc: ietf@ietf.org
Subject: Re: deprecating Postel's principle- considered harmful
Message-ID: <805F602FCADEA9254B53B84B@PSB>
In-Reply-To: <5cf4c378-c7f2-4e8e-2d9c-957a3ab08b15@gmail.com>
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.c om> <DBD4837F-299B-497C-8922-AFF858B06C0F@strayalpha.com> <CAKHUCzwa89Qd6PD2EtkZU1LnT+1ZSsNiMQGAPnu5P_r=bvgMLg@mail.gmail.com> <10DC85D6-A9D1-4B4F-905D-4BD87D2F95EA@strayalpha.com> <CAKHUCzwdYLT+sY+cSuUC6bNkSn31ouGHXMx2Dj3Gc-ezaf8vyQ@mail.gmail.com> <D90A1B4C-D7A2-426E-B05E-BD264D16A9FB@strayalpha.com> <5cf4c378-c7f2-4e8e-2d9c-957a3ab08b15@gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/OIyraTH3s5WmYaDafvywx67JWaQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 23:59:33 -0000


--On Thursday, May 9, 2019 11:04 +1200 Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:

> But yes, the word "tolerate" was carefully chosen. It doesn't
> say "ignore buffer overflow errors" or "use heuristics to
> guess what the sender meant". It means "don't throw a fatal
> exception when something unexpected arrives." And it suggests
> silent discard unless an error message "is required by the
> specification". That's entirely consistent with the RFC1122
> text that Roland quoted.
> 
> We'd better stick to "don't throw a fatal exception when
> something unexpected arrives" unless we want several billion
> unhappy users.

An observation that goes a little beyond the robustness
principle (but this threat seems to be have already drifted off
it)...    It may be useful to remember that one of the oldest
and most important principles in the design of what were then
called human interfaces to computers is that, when an error
occurs, the result should, if at all possible, provide
information about the cause, rather than either having the
program freeze up or die or generating an error message with the
same information content as "you lose".  As with the robustness
principle, failure to engage in thinking when apply this design
principle often has unfortunate effects, there may be sound
reasons for deciding how much information is too much, and a
good interpretation of the principle may be different for the
kinds and layers of protocols and implementations covered by
1122 than might be the case for those associated for 1123.  But
none of those considerations would be good reasons to discard or
deprecate the principle itself.  Doing so, like doing so with
the robustness principle, would almost certainly cause serious
harm to the perceived quality and usefulness of our protocols
and, in particular (as others have suggested in other contexts)
would increase customer support costs for those the user
community holds responsible when things don't work sufficiently
to cause protocol specifications to be either rejected in
practice or for non-conforming, but less costly to support,
alternatives to be introduced.

best,
   john


    john

v2.23.0 | Report a Bug | By Email