On Jun 14, 2017, at 3:44 PM, Brian E Carpenter
<brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
On 15/06/2017 08:20, Joel M. Halpern wrote:
...
I would be very unhappy to see us take the lesson from cases where we
were sloppy to be that we should tell everyone to have their
implementations break at the slightest error.
Indeed. We need implementations to be as robust as possible. […]
Looking at the core of the draft:
Protocol designs and implementations should fail noisily in
response to bad or undefined inputs.
that seems a very reasonable principle for *prototype* and
*experimental* implementations, and a lousy one for production
code, where the response to malformed messages should be much
more nuanced;
+1
Put another way -
the goal of a _specification_ is to coordinate the actions of multiple,
independent implementors, across different circumstances, environments, depths
of knowledge, etc. etc. etc.
The goal of an _implementation_ is to serve its users as best as it can when
that coordination is not quite perfect.
These are decidedly not the same thing.
cheers, -john