IETF Logo Mail Archive

Re: [arch-d] deprecating Postel's principle- considered harmful

"Aaron Falk" <aaron.falk@gmail.com> Fri, 10 May 2019 15:33 UTC

Return-Path: <aaron.falk@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D43FF120116 for <ietf@ietfa.amsl.com>; Fri, 10 May 2019 08:33:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C1JA338RWKZc for <ietf@ietfa.amsl.com>; Fri, 10 May 2019 08:33:05 -0700 (PDT)
Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7474012010E for <ietf@ietf.org>; Fri, 10 May 2019 08:33:05 -0700 (PDT)
Received: by mail-qt1-x82d.google.com with SMTP id m32so4011487qtf.0 for <ietf@ietf.org>; Fri, 10 May 2019 08:33:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dSf20txXmiLpUEfPtaSS2b5f+Qwm9Jep45Ff2thVumw=; b=A9X1bY1pOE2VpUyhTbTI5hcPtgkgCRgfnNTQIDn5ofYXPMpjLML7s/DUSLVAZQMhIT 5IHhjsRmVECxCqZRLl4tLiOOsNReHGIA8EgAN2PY5XsqspoSZt43vgdbQhr0aUKrJ6pV /l8gbkivP85FuD1jjczq/A26zdjhlwaxx2Fno92vSJeoWHoWkX+XDPkKDIn4QR9vK/dU HWq3rTVun5SKX6yDFmoYvGjOPehxJW/HVDtdeH5SJADVtTH9hSnUyeYztBCIIHRwNzsv ygUz9Aog9M7mRHpoTaQ0rcT189eOsTfNjg77SF2sjoz8iMYQlOGC6ruAquG6xL/aT4dl lhZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dSf20txXmiLpUEfPtaSS2b5f+Qwm9Jep45Ff2thVumw=; b=s20mlrqH4aKbf8GZshf0Y/WOEOplSfjgCncu4DHWyQq9uGZaacvWoh7HBdCwsCMylF i1x6LRpzaFqynRufSuJdiBqmVd6Ar+oz3iuRX4g3BhY4dHSxpN/hT68djxXro83h8kFw /boXuSBQR+N5kumDl0fNj57eeYLWNYb/oqUFQKZAPO6/c6fTcpZYFQ8sz6pKxxapcaMu 4wdS/CRmihYNQT7RT2LlHQDun9g0jbqABPAELWWg6u/TjaSW2R1d9n+AbPV+bDYMLJrG Hmeab8c1//wlVRPASdixZKoPKVAHhidwpqVj4mo4W290StpbqHEtu+t0elc0UCYPNIlo Anaw==
X-Gm-Message-State: APjAAAVPJpalF4+3SpJPu4X9NfTV7OVR7e+dVzPfun4Ee9NYHCEWTFG9 SYdBOn/5T2K2Vkp69TKNAvIC+6E+5F4=
X-Google-Smtp-Source: APXvYqyT3U2rP7GPrvszT0CNIt183fA1/AGFJTevOp34RF48wn6gJmdX83m1Ntb/XljStKngk4daBg==
X-Received: by 2002:aed:3bc3:: with SMTP id s3mr10059572qte.313.1557502384372; Fri, 10 May 2019 08:33:04 -0700 (PDT)
Received: from [172.19.36.9] ([2001:4878:a000:3000:fc17:b25f:3162:64b6]) by smtp.gmail.com with ESMTPSA id d41sm3437773qta.22.2019.05.10.08.33.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 May 2019 08:33:02 -0700 (PDT)
From: Aaron Falk <aaron.falk@gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: ietf@ietf.org
Subject: Re: [arch-d] deprecating Postel's principle- considered harmful
Date: Fri, 10 May 2019 11:33:01 -0400
X-Mailer: MailMate (1.12.5r5632)
Message-ID: <7E6F7206-5768-4A25-AB1D-919ABBC98F8F@gmail.com>
In-Reply-To: <266adfd4-6eec-46cb-9c62-36735db9bd24@www.fastmail.com>
References: <F64C10EAA68C8044B33656FA214632C89F024CD3@MISOUT7MSGUSRDE.ITServices.sbc.com> <CALaySJJDHg5j9Z7+noS=YXoNROqdsbJ6coEECtLtbJ6fWJ3xsQ@mail.gmail.com> <CAHw9_iKE9SSOK_9AUpoMaS9pGz91LuJr1_HNv0B-6RxT_rb2dw@mail.gmail.com> <BA365F84-3BD8-4B6B-B454-B32E4B6B6D23@piuha.net> <99FE5EE91CE738A39D99CAC2@PSB> <266adfd4-6eec-46cb-9c62-36735db9bd24@www.fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_EF99D209-8B20-4394-9EDA-17C4AD8D4722_="
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/opJGAR_iwKyhT6c8fHc8f_971xU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2019 15:33:08 -0000

The message below (including the bits from Jari, John, and Brian) is 
excellent and thoughtful and I think really advances the conversation.  
I don’t think we should throw out the current standards process but 
you have put your finger on something.

--aaron

On 8 May 2019, at 23:25, Martin Thomson wrote:

> On Wed, May 8, 2019, at 21:38, Jari Arkko wrote:
>> I wish there was some other option between the silent obedience and 
>> the
>> refusal to talk. But I don’t know what it could be.
>
> I'm replying to Jari here because this pithy bit, taken out of context 
> and - after having read John's well considered response - grabbed me.  
> I've known this exact feeling often, and it's deeply frustrating.
>
> On Wed, May 8, 2019, at 23:10, John C Klensin wrote:
>> [...] there is an almost inevitable choice between:
>>
>> -- trying to specify every possible detail so that an
>> implementer knows what to do in every case and for every design
>> choice, including what is supposed to be done about each variety
>> of deviation from the standard by others.
>>
>> -- specifying the normal cases and general philosophy of the
>> design or protocol and trust that, with a bit of guidance,
>> implementers who are reasonably intelligent and acting in good
>> faith will sort things out correctly.
>
> The choice John presents here is even more fundamental.  Like many 
> others who were brought up on the IETF flavour of specification, I 
> greatly prefer it.  I find WhatWG and W3C specifications 
> incomprehensible for all the reasons Henry articulated.  They are very 
> much in the first category.  Unquestionably thorough in detail, but 
> obstinately inhospitable to the process of extracting higher meaning.  
> I would be the last person to advocate for following that path.
>
> (I'm going to catch heat for saying that, so let me qualify it a 
> little.  The web platform doesn't operate in quite the same way as the 
> IETF and their choice of specification mode, abhorrent as I find it, 
> does work for that community.  They had to deal with something of a 
> post-robustness-principle technical debt the likes of which many 
> people would have walked away from.  What you see is the result of 
> dedicated, meticulous work that has restored functioning 
> interoperability to that world.  The outcome is uneven, as might be 
> expected, but it functions quite effectively.  Now more so due to the 
> use of a shared test infrastructure that we should be envious of.)
>
> In my opinion, the mistake here is presenting this as a binary choice. 
>  The goal of teaching implementers the protocol remains - for me - the 
> most important function of a specification.  Existing implementations 
> don't need a spec, except to argue over when there are disagreements.  
> A spec is most helpful in serving in the creation of new 
> implementations.  The state of web specifications might be an 
> indication that the Web has given up on that (there it is again; Web 
> people, you have my email address :), but I believe that to be the 
> most important function of IETF specifications.
>
> The trap that leads to the binary choice is - again - in the 
> assumption of immutability of specifications and the unwillingness of 
> others to amend their errant ways.  But we all come the IETF with the 
> idea in mind that we can work together on improving things, and surely 
> proper functioning of protocols that are important to us (and our 
> businesses) is high on our list of priorities.  If I thought that RFC 
> 2246 were set in stone, I'd have stayed home.  If I thought that other 
> implementers were not prepared to consider changes to their 
> implementation in response to a consensus decision on a protocol, I 
> could have saved a lot time sitting in aeroplanes and airports.
>
> Possibly the best thing that has come out of IETF involvement for me 
> has been the communities I've joined as a result.  When presented with 
> an interoperability challenge, my first reaction now is never to look 
> for a workaround.  Once I determine that it isn't a local problem 
> (i.e., my fault: a lot of the problems we see), I try contacting 
> someone responsible for the problem.  And that's worked more often 
> than not.  People are responsive to reports of problems with their 
> systems.  If we conclude that we need to change specs, we work out how 
> to do that.  As a result, I haven't built a workaround for a while 
> now; we've even started to remove them from code, mostly as a result 
> of better collaboration and continued protocol maintenance.  (To the 
> earlier discussion about deployment timelines, I appreciate how much 
> this is a privilege.)
>
> Getting back to the binary choice, this is where the immutability of 
> the RFC series and our processes work against us.  The view that the 
> specification has to be "done" is a trap.  John points at the idea of 
> progression from Proposed Standard to Internet Standard as being the 
> intended way to capture the progression from "probably OK" to "more 
> concretely OK" and "almost entirely good".  While that might have been 
> the intent, I don't think that this has worked out all that well in 
> practice, or that such a directly linear progression is always 
> appropriate.  The maturity of many specs I've worked on is not always 
> uniform in a way that suits that model.
>
> Our highly discrete process hasn't been good at capturing and 
> responding to the evolving needs of a protocol.  On the other hand, 
> one of the good things with the gradual raising of the quality 
> expectations for PS RFCs[1] is that protocols have spent more time in 
> draft form, where changes are far more feasible.  But even in TLS 1.3, 
> where the process was unnaturally extended to deal with the side 
> effects it had on some forms of intermediation, the publication of an 
> RFC is not a stopping point.
>
> If we can, over time, capture all those little pitfalls and fence them 
> in with MUST and SHOULD and whatnot in a specification, we aren't 
> forced to make a choice between a timely spec and a thorough one.  
> Just start with timely and keep moving in the direction of better.
>
> [1] What it means to be suitable for the Internet has moved in the 
> same direction as our expectations for PS quality, which is entirely 
> appropriate in my opinion.  That doesn't really change the fundamental 
> analysis of when to ship, just the thresholds.
>
> On Thu, May 9, 2019, at 09:05, Brian E Carpenter wrote:
>> But yes, the word "tolerate" was carefully chosen. It doesn't say
>> "ignore buffer overflow errors" or "use heuristics to guess what the
>> sender meant". It means "don't throw a fatal exception when something
>> unexpected arrives." And it suggests silent discard unless an error
>> message "is required by the specification". That's entirely 
>> consistent
>> with the RFC1122 text that Roland quoted.
>
> RFC 1122 is my favourite articulation of the "robustness principle", 
> because it isn't the robustness principle as much as it is just 
> straight up common sense.  But the meme takes a different form.  The 
> meme has the temerity of demanding that I design protocols to it, to 
> the point that a response was necessary.

v2.23.0 | Report a Bug | By Email