On 16/06/2017 17:55, Julian Reschke wrote:
> On 2017-06-15 20:28, Bob Hinden wrote:
>> ..
>> I agree.
>> It also seems to me that having implementations "fail noisily in response to
>> bad or undefined inputs" is a great formula to making implementations very
>> fragile and consequently very easy to attack. Overall, I think the approach
>> outlined in this draft would not have allowed us to build the current
>> Internet.
>> ...
>
> There's a distinction between failing as in "catching fire and
> exploding" (bad) and "signalling an error and not processing a request"
> (what Martin is describing).

That isn't obvious to the casual reader. But anyway, if you are under DDOS
attack, signalling an error rather than just releasing the mbuf may be all
the difference between system failure and survival*. I think it's very
dangerous to generalise.

Brian

*That's why I often delete emails unread & unanswered :-)

>> Bob
>>
>> p.s. The file name chosen for this draft appears to be a good example of
>> stepping on the toes of those who came before, instead of standing on their
>> shoulders. See: http://wiki.c2.com/?ShouldersOfGiants
>
> It was an excellent way to get attention. I think it's excellent that we
> are having this discussion.
>
> Best regards, Julian