
Re: I-D Action: draft-thomson-postel-was-wrong-01.txt

2017-06-17 09:18:46
On 15.6.2017 00:31, Joe Touch wrote:
> On 6/14/2017 8:41 AM, Petr Špaček wrote:
>> To sum it up, decision what is acceptable and what is unacceptable
>> should be in protocol developer's hands.
> That should be in the specification.
>
> What the specification leaves open, implementations should respect and
> honor as allowed.

This is exactly the point where our opinions differ.
My point of view is that the specification should clearly define extension
points and implementations should:
a) Use Postel's principle within defined 'extension' points.
b) Treat any deviation from documented protocol (including non-defined
aspects of protocol outside of extension points) as an error.


A nice set of reasons for being strict when receiving messages is
described in the following article:

"A Patch for Postel's Robustness Principle",
Len Sassaman, Meredith L. Patterson, Sergey Bratus,
2012 IEEE S&P Journal,
http://langsec.org/papers/postel-patch.pdf

Also, the whole website http://langsec.org/ is an interesting read.

-- 
Petr Špaček  @  CZ.NIC
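
Points a) and b) of the message above, as an added example that is not part of the original e-mail or of the cited paper: a receiver that is liberal only at one declared extension point (unknown option types) and rejects every other deviation. The message layout, the option registry and all names are hypothetical, constructed for this illustration.

```python
import struct

class ProtocolError(ValueError):
    """Deviation from the documented format outside the extension point."""

KNOWN_OPTIONS = {1: "hostname", 2: "ttl"}  # hypothetical option registry

def parse_message(data: bytes) -> dict:
    """Toy layout (constructed): version(1) flags(1) payload_len(2, big-endian)
    payload, then TLV options. Option type is the only extension point."""
    if len(data) < 4:
        raise ProtocolError("truncated header")
    version, flags, payload_len = struct.unpack_from("!BBH", data, 0)
    if version != 1:
        raise ProtocolError(f"unsupported version {version}")
    if flags & ~0x01:  # reserved bits are not an extension point
        raise ProtocolError("reserved flag bits set")
    end = 4 + payload_len
    if end > len(data):
        raise ProtocolError("payload length exceeds message")
    msg = {"urgent": bool(flags & 1), "payload": data[4:end],
           "options": {}, "ignored": []}
    pos = end
    while pos < len(data):
        if pos + 2 > len(data):
            raise ProtocolError("truncated option header")
        opt_type, opt_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + opt_len]
        if len(value) != opt_len:
            raise ProtocolError("option value overruns message")
        pos += 2 + opt_len
        name = KNOWN_OPTIONS.get(opt_type)
        if name is None:
            msg["ignored"].append(opt_type)  # liberal only here: unknown type
        else:
            msg["options"][name] = value
    return msg

def accepts(data: bytes) -> bool:
    """True if the message parses, False if it is rejected as an error."""
    try:
        parse_message(data)
        return True
    except ProtocolError:
        return False

# Constructed sample: payload b"hi", known option 1, unknown option 0x7f.
SAMPLE = b"\x01\x01\x00\x02hi" + b"\x01\x03abc" + b"\x7f\x01\x00"
```

The unknown option 0x7f in SAMPLE is skipped and recorded, while a single trailing byte, a set reserved flag bit or an inconsistent length makes the whole message an error.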