
Re: I-D Action: draft-thomson-postel-was-wrong-01.txt

2017-06-23 12:36:28


On 6/23/2017 2:25 AM, Dearlove, Christopher (UK) wrote:
> Joe Touch wrote:
>> Liberal means that if it's possibly valid, you should accept it as such.
> That necessitates the protocol designer explicitly flagging some things as
> invalid.
That's quite typical. Many protocols clearly indicate explicit invalid
cases.

> Obvious example is a should-be-signed message lacking a signature. If taking
> the most liberal view (as above) the protocol needs to say something like "if
> the signature is missing or invalid, then the message must be rejected". I
> don't think that's anything new, I've seen it done.
>
> I can see at least the following cases where making intent clear is, in my
> opinion at least, a good idea:
> - Security and other sensitive cases of failure. Need to say explicitly
> reject.
When not specified, "silently ignore" is another option.

> - Mechanisms designed for extensions. While the Postel principle makes it
> unnecessary to say so, it really doesn't hurt saying that a message shouldn't
> be rejected just for this reason.
Agreed.
> - Where what you receive is a container of multiple things (messages in a
> packet, TLVs in a message). Making the assumed dependence/independence clear
> doesn't hurt (if rejecting/ignoring one, does this impact on the others?).
>
> That's not something that spirals out of control in size, a couple of
> sentences would cover most cases.
Right - the Postel Principle isn't a license to be lazy in either a
protocol spec or implementation.

Joe
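
As an added illustration of the three cases discussed above (explicit reject on a missing or invalid signature, ignore-only for extension elements, and a stated dependence rule for a container of TLVs), here is a small receiver written for this archive page; it is not code from the thread or from any IETF protocol. The TLV layout, type numbers, and shared key are constructed for the example. The policy it encodes is the one the thread argues a spec should state in a couple of sentences: unknown extension TLVs are ignored individually, a missing or bad signature rejects the message, and a truncated TLV rejects the whole container because framing for everything after it is lost.

```python
"""Explicit accept/reject policy for a signed TLV container (constructed example)."""
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed, hypothetical layout for this example (not a real IETF format):
#   message := TLV*    TLV := type(1 byte) | length(1 byte) | value(length bytes)
T_PAYLOAD = 0x01     # critical: exactly one required
T_SIGNATURE = 0x02   # critical: HMAC-SHA256 over the payload value, exactly one required
EXT_BASE = 0x80      # types >= 0x80 are extensions: unknown ones are ignored, not fatal

KEY = b"example-shared-key"   # constructed demo key, assumption of this example


@dataclass
class Verdict:
    accepted: bool
    reason: str
    payload: Optional[bytes] = None
    ignored_types: list = field(default_factory=list)


def parse_tlvs(data: bytes):
    """Split the container into (type, value) pairs.

    A truncated TLV breaks framing for every TLV after it, so the spec's
    dependence rule here is: one malformed TLV rejects the whole container
    rather than 'liberally' salvaging the TLVs that happened to parse."""
    tlvs = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        t, n = data[i], data[i + 1]
        if i + 2 + n > len(data):
            raise ValueError("TLV type 0x%02x at offset %d overruns message" % (t, i))
        tlvs.append((t, data[i + 2:i + 2 + n]))
        i += 2 + n
    return tlvs


def process_message(data: bytes, key: bytes = KEY) -> Verdict:
    """Apply the explicit policy and return an accept/reject verdict with a reason."""
    try:
        tlvs = parse_tlvs(data)
    except ValueError as e:
        return Verdict(False, "reject: " + str(e))

    payload = signature = None
    ignored = []
    for t, v in tlvs:
        if t == T_PAYLOAD:
            if payload is not None:
                return Verdict(False, "reject: duplicate payload TLV")
            payload = v
        elif t == T_SIGNATURE:
            if signature is not None:
                return Verdict(False, "reject: duplicate signature TLV")
            signature = v
        elif t >= EXT_BASE:
            ignored.append(t)   # extension: skip this TLV only, keep processing the rest
        else:
            # unassigned non-extension type: the spec says reject, not guess
            return Verdict(False, "reject: unknown critical TLV type 0x%02x" % t)

    # Security-sensitive failures are stated explicitly, never silently ignored.
    if payload is None:
        return Verdict(False, "reject: missing payload TLV")
    if signature is None:
        return Verdict(False, "reject: missing signature TLV")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return Verdict(False, "reject: signature invalid")
    return Verdict(True, "accept", payload, ignored)


def tlv(t: int, v: bytes) -> bytes:
    """Encode one TLV."""
    return bytes([t, len(v)]) + v


def build_message(payload: bytes, key: bytes = KEY, extra: bytes = b"") -> bytes:
    """Build a correctly signed message, optionally followed by extra TLVs."""
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return tlv(T_PAYLOAD, payload) + tlv(T_SIGNATURE, sig) + extra


if __name__ == "__main__":
    good = build_message(b"hello")
    print(process_message(good))                                          # accept
    print(process_message(build_message(b"hello", extra=tlv(0x90, b"x"))))  # accept, 0x90 ignored
    print(process_message(tlv(T_PAYLOAD, b"hello")))                      # missing signature
    print(process_message(good[:-3]))                                     # truncated container
```

Each rejection carries the reason so an implementation can log it rather than drop the message silently; whether a receiver rejects or ignores is a decision the spec makes, and the code only has to follow it.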
