On 10/17/2018 12:43 PM, Florian Weimer wrote:
* Laszlo Hanyecz:
I believe that the IETF party line these days is that Postel was wrong on this point. Security is one consideration, but there are others. Postel's maxim also allowed extensibility. If our network code rejects (or crashes) on things we don't currently understand and use, it ensures
On 2018-10-17 02:35, Michael Thomas wrote: that they can't be used by apps that come along later either. The attitude of rejecting everything in the name of security is what has forced app developers to tunnel APIs and everything else inside HTTP/DNS.
Let's be clear: crashing is a software bug. It has nothing to do with Postel. On the extensibility part, that is for the protocol itself to define, and it should be explicit. If the protocol says to reject, then you must reject. I'm not sure if extensibility one of the global protocol check offs, but it certainly should be part of any stander.
To be fair, a lot of these components that make extending protocols hard are both receivers and senders. If they are asked to forward garbage, then something has to give.
Yes, the protocol should tell you what to do. If it doesn't, its deficient. Mike