IETF Logo Mail Archive

Re: [arch-d] deprecating Postel's principle- considered harmful

Jari Arkko <jari.arkko@piuha.net> Wed, 08 May 2019 11:37 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF94812008D; Wed, 8 May 2019 04:37:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sEBWbZ5nGo9O; Wed, 8 May 2019 04:37:47 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:1829::130]) by ietfa.amsl.com (Postfix) with ESMTP id 6757E12006A; Wed, 8 May 2019 04:37:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 9B1486601CA; Wed, 8 May 2019 14:37:42 +0300 (EEST)
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2KMZsp4tDgRY; Wed, 8 May 2019 14:37:37 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id 5D1986600B1; Wed, 8 May 2019 14:37:37 +0300 (EEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: [arch-d] deprecating Postel's principle- considered harmful
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <CAHw9_iKE9SSOK_9AUpoMaS9pGz91LuJr1_HNv0B-6RxT_rb2dw@mail.gmail.com>
Date: Wed, 08 May 2019 14:37:37 +0300
Cc: "ietf@ietf.org" <ietf@ietf.org>, Warren Kumari <warren@kumari.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <BA365F84-3BD8-4B6B-B454-B32E4B6B6D23@piuha.net>
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.com> <CAHw9_iKE9SSOK_9AUpoMaS9pGz91LuJr1_HNv0B-6RxT_rb2dw@mail.gmail.com>
To: "architecture-discuss@ietf.org" <architecture-discuss@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/e4NbOKF2crtJiBovsy1IiqYr8t0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 11:37:53 -0000

I find myself agreeing with many of the posts, but maybe Warren put it most nicely and compactly: "The principle should be applied judiciously (sometimes it isn't), not discarded."

And having seen some of the too-big-to-demand-compliant-interoperability situations that Paul and others mention, I’ve also felt the pain :-)

I find it interesting to compare the situation to analogue situations in other kinds of systems. For instance, I always like to program in defensive style, where my software is as brittle as possible to catch errors. Yet, for delivered software, one often switches to maximum survivability, and often your software components can at least attempt reasonable recovery from many situations that shouldn’t have occurred. More modern software development practices combine development with monitoring, feedback, instrumentation, tracking of new versions in small populations before enlarging their usage, etc. That is kind of a best of both worlds setup, because you can make things survivable but you’ll be receiving real-time feedback on what’s actually happening in the field, and can take corrective action.

This is obviously usable also in our protocol world, but there’s a problem. You can quite easily get a lot of feedback on your own thing working well. You can also get feedback about who you are having problems with. But it isn’t easy to send that feedback to where it might actually belong in many cases: the other implementation’s maintainers. Disconnecting or 4xxing is the crudest form of signal. Yes, sometimes effective. But it also an action between two parties (me as an implementor of my thing and you as an implementor of the peer) that hurts a third party: the user.

I wish there was some other option between the silent obedience and the refusal to talk. But I don’t know what it could be.

Jari

v2.23.0 | Report a Bug | By Email