-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 7, 2007, at 8:37 PM, Peter Gutmann wrote:
And before Jon Postel said that, the MIT hackers said "Look for anything that says 'Don't do X', then try as many variations of X as possible." "Postel's Law" is great for interoperability, terrible for security.
I'll disagree just a bit, Peter, because one of the best ways to get
security is a lack of interoperability. Rip your network cable out of
the wall and you have great security.
Yes, if you maximize interoperability, it has effects on security.
Yes, you can come up with an interoperability hack that is cringe-
worthy from a security standpoint. Yes, the Internet as we know it is
riddled with them. But the Internet as we know it out-competed other,
more secure systems, and succeeded against them because it viewed
interoperability as the primary virtue (and had an attitude about
security that included lines like, "polite clients don't *do* that").
"Postel's Law" is a valuable rule of thumb. You *should* (maybe that
should be SHOULD) be conservative in what you generate and liberal in
what you accept. It just shouldn't override everything else. The more
that the rough consensus of implementors succeeds at the former, the
less it needs to do of the latter. Writing software is an art, not a
state machine. It needs wisdom.
The example we got here was a good one because there's no obvious
most right answer. My opinion is that the best answer is to fix up
the bad data and proceed. That has its own drawbacks. Just accepting
it is probably worst, but rejecting it isn't that much better.
Interoperability matters. Without it, we don't need security.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.2
Charset: US-ASCII
wj8DBQFFouNgsTedWZOD3gYRAuzyAJ9iqDne/UTQl+14S6X5muT0eNzlnACg4j4l
o3rr5YbHfS9vy52V3Rf35T8=
=TLKD
-----END PGP SIGNATURE-----