On 10/17/2018 12:43 PM, Florian Weimer wrote:
* Laszlo Hanyecz:
On 2018-10-17 02:35, Michael Thomas wrote:
I believe that the IETF party line these days is that Postel was wrong
on this point. Security is one consideration, but there are others.
Postel's maxim also allowed extensibility. If our network code rejects
(or crashes) on things we don't currently understand and use, it ensures
that they can't be used by apps that come along later either. The
attitude of rejecting everything in the name of security is what has
forced app developers to tunnel APIs and everything else inside HTTP/DNS.
Let's be clear: crashing is a software bug. It has nothing to do with
Postel.
On the extensibility part, that is for the protocol itself to define,
and it should be explicit. If the protocol says to reject, then you must
reject. I'm not sure if extensibility one of the global protocol check
offs, but it certainly should be part of any stander.
To be fair, a lot of these components that make extending protocols
hard are both receivers and senders. If they are asked to forward
garbage, then something has to give.
Yes, the protocol should tell you what to do. If it doesn't, its deficient.
Mike
