ietf
[Top] [All Lists]

Re: I-D Action: draft-thomson-postel-was-wrong-01.txt

2017-06-18 13:10:07
FWIW:

On 6/17/2017 7:18 AM, Petr Špaček wrote:
What the specification leaves open, implementations should respect and
honor as allowed.
This is exactly the point where our opinions differ.
My point of view is that specification should clearly define extension
points and implementations should:
a) Use Postel's principle within defined 'extension' points.
b) Treat any deviation from documented protocol (including non-defined
aspects of protocol outside of extension points) as an error.
You're asking for 10,000 page specifications and 10MB protocol
implementations that are vulnerable to attack.

Nice set of reasons for being strict when receiving messages is
described in the following article:

"A Patch for Postel's Robustness Principle",
Len Sassaman, Meredith L. Patterson, Sergey Bratus,
2012 IEEE S&P Journal,
http://langsec.org/papers/postel-patch.pdf
I would encourage them to read Shannon/Weaver as well.

Joe


<Prev in Thread] Current Thread [Next in Thread>