On Mon, May 31, 2004 at 04:58:33PM -0400, Meng Weng Wong wrote:
| The question is what a permfail should do.
|
| We can fail open, as we presently do; the semantic becomes
| equivalent to neutral.
|
| We can fail closed, which runs the risk of false positives by
| clients that don't understand new mechanisms, even if those
| new mechanisms are widely accepted.

Mark and I went over this at some length back in November.

Basically, if a mechanism is unknown (whether it's inside an
include or not) you have a choice of aborting or
continuing. Presently, the specification says to abort.

If you continue, you're now implicitly searching for a PASS,
so now you have to operate in degraded mode. The
unrecognized mechanism could have returned a match or
no-match, so now the rest of the computation occurs in a
sort of superposed state.

If the rest of the computation returns a fail, and if the
unrecognized mechanism was prefixed with a +, then you
reason that the unrecognized mechanism could've returned a
match, and so you downgrade the fail to an unknown.

If the rest of the computation returns a pass, and if the
unrecognized mechanism was prefixed with a -, then you
reason that the unrecognized mechanism could've returned a
match, and so you downgrade the pass to an unknown.

Either way you get unknown, so you might as well abort.
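
The degraded-mode reasoning in this message, worked through as an added example that is not part of the original post or of any SPF implementation. The record model (a list of qualifier/mechanism pairs), the mechanism name `newmech`, the function names and the neutral default when nothing matches are assumptions made for illustration.

```python
# Simplified model of SPF evaluation, constructed for illustration only.
# A record is a list of (qualifier, mechanism) pairs evaluated left to right;
# the first mechanism that matches decides the result.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate(record, matches, assume_unknown=None):
    """Evaluate a record against `matches` (mechanism -> bool for mechanisms
    this client understands).

    assume_unknown=None  : abort with "unknown" at an unrecognized mechanism.
    assume_unknown=True  : pretend every unrecognized mechanism matched.
    assume_unknown=False : pretend every unrecognized mechanism did not match.
    """
    for qualifier, mechanism in record:
        if mechanism in matches:
            hit = matches[mechanism]
        elif assume_unknown is None:
            return "unknown"              # abort, as the message says the spec does
        else:
            hit = assume_unknown          # one branch of the "superposed state"
        if hit:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                      # assumed default when nothing matches

def evaluate_degraded(record, matches):
    """Continue past unrecognized mechanisms by evaluating both possibilities
    and downgrading to "unknown" when the two outcomes disagree."""
    if_matched = evaluate(record, matches, assume_unknown=True)
    if_not_matched = evaluate(record, matches, assume_unknown=False)
    return if_matched if if_matched == if_not_matched else "unknown"

# Constructed sample input: this client only understands "all".
MATCHES = {"all": True}
CASE_PLUS = [("+", "newmech"), ("-", "all")]    # rest of the record yields fail
CASE_MINUS = [("-", "newmech"), ("+", "all")]   # rest of the record yields pass

if __name__ == "__main__":
    for name, record in (("+newmech -all", CASE_PLUS), ("-newmech +all", CASE_MINUS)):
        print(name,
              "| rest:", evaluate(record, MATCHES, assume_unknown=False),
              "| degraded:", evaluate_degraded(record, MATCHES),
              "| abort:", evaluate(record, MATCHES))
```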