Searching for a quote
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
Be conservative in what you send, be liberal in what you accept ^http://en.wikipedia.org/wiki/Robustness_principle On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
That was quick. :-) Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
^http://en.wikipedia.org/wiki/Robustness_principle
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
Low hanging fruit. On Thu, Mar 12, 2015 at 6:29 PM, Miles Fidelman <mfidelman@meetinghouse.net> wrote:
That was quick. :-)
Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
^http://en.wikipedia.org/wiki/Robustness_principle
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- In theory, there is no difference between theory and practice. In practice, there is. .... Yogi Berra
Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else. Mike On 3/12/15 5:24 PM, Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
^http://en.wikipedia.org/wiki/Robustness_principle
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
it is true that the risk profile has changed in the last 30 years. his core belief in interconnecting things in an open way, enabling _anyone_ to create,build, and deploy is the core of ISOCs “permission less innovation” thrust. crypto/security folks are green with envy … it is somewhat “sour grapes” no? I count my time working for him as one of the highlights of my life. In some respects, I still do… :) /bill PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 12March2015Thursday, at 17:31, Michael Thomas <mike@mtcc.com> wrote:
Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else.
Mike
On 3/12/15 5:24 PM, Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
^http://en.wikipedia.org/wiki/Robustness_principle
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
On Thu, Mar 12, 2015 at 6:34 PM, manning bill <bmanning@isi.edu> wrote:
it is true that the risk profile has changed in the last 30 years. his core belief in interconnecting things in an open way, enabling _anyone_ to create,build, and deploy is the core of ISOCs “permission less innovation” thrust.
I hope it was more "permission-less innovation", and not "permission, less innovation". Ambiguously punctuated statements are *so* open to misunderstandings. ^_^; Matt
Robustness is desirable from a security perspective. Failure to be liberal in what you accept and not being prepared to deal with malformed input leads to such wonders as the Microsoft bug that led to unexpected/malformed IP datagrams mishandled as "execute payload with system authority". Rather than sloppiness you could also attribute the error to malice -- that it was injected at the specific request of certain government agencies, perhaps under threat, perhaps with just a wink and a nod ... --- Theory is when you know everything but nothing works. Practice is when everything works but no one knows why. Sometimes theory and practice are combined: nothing works and no one knows why.
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Michael Thomas Sent: Thursday, 12 March, 2015 18:32 To: nanog@nanog.org Subject: Re: Searching for a quote
Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else.
Mike
On 3/12/15 5:24 PM, Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
^http://en.wikipedia.org/wiki/Robustness_principle
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
On 03/12/2015 10:25 PM, Keith Medcalf wrote:
Robustness is desirable from a security perspective. Failure to be liberal in what you accept and not being prepared to deal with malformed input leads to such wonders as the Microsoft bug that led to unexpected/malformed IP datagrams mishandled as "execute payload with system authority". Rather than sloppiness you could also attribute the error to malice -- that it was injected at the specific request of certain government agencies, perhaps under threat, perhaps with just a wink and a nod ...
"Being liberal in what you accept" and "being prepared to deal with malformed input" are two different concepts. Back when I was involved with protocol design on ARPAnet, what I was taught is that one has to be able to handle *correctly* malformed input, and not yield astonishing results. This is not easy, particularly in assembler language. Blowing buffer boundaries is just plain crap code. As for malice, I've never seen that. Not checking buffer boundaries, in my experience, is always stupidity or laziness. This is particular true when someone threw together a proof of concept quickly, then didn't go in and harden the code before releasing it to the world. (Some of that was born during the "interop" meetings, where groups of coders would assemble in a conference room and bang implementation together -- because it was done quickly, sometimes it was very sloppy.)
On Fri, 2015-03-13 at 06:14 -0700, Stephen Satchell wrote:
what I was taught is that one has to be able to handle *correctly* malformed input, and not yield astonishing results.
"No program should leave its sanity at the mercy of its input". PJ Plauger, I think. Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au) http://www.biplane.com.au/kauer http://twitter.com/kauer389 GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
On 3/12/2015 5:24 PM, Tom Paseka wrote:
Be conservative in what you send, be liberal in what you accept
As with all terse summaries, the meaning of this is easy to distort. In the unfortunately not-so-uncommon extreme, it is used to argue for demanding acceptance of all manner of random cruft, essentially translating into "the protocol requires you to support anything I send you." This, of course, is not what Jon meant. Rather, he noted the fact that protocol specifications invariably contain some ambiguities which, equally invariably, get interpreted differently by different, reasonable implementers. Hence the stricture to meant to guide the sending of what an implementer should consider to be the most conservative interpretations, and accept the most liberal (different) interpretations. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
jon postel. http://en.wikipedia.org/wiki/Jon_Postel On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb
On Thu, Mar 12, 2015 at 5:27 PM, Dave Taht <dave.taht@gmail.com> wrote:
jon postel. http://en.wikipedia.org/wiki/Jon_Postel
Had he lived, email and netnews would have remained usable by mere mortals and met the challenge of extreme growth and abuse. And ICANN, and for that netsol, wouldn't have become the ugly morass they became. Hell, even the IETF might have remained viable. I have few heroes. He was one of them.
On Thu, Mar 12, 2015 at 5:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- Dave Täht Let's make wifi fast, less jittery and reliable again!
https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb
-- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb
On Thu, Mar 12, 2015 at 05:33:19PM -0700, Dave Taht wrote:
Had he lived, email and netnews would have remained usable by mere mortals and met the challenge of extreme growth and abuse. And ICANN, and for that netsol, wouldn't have become the ugly morass they became. Hell, even the IETF might have remained viable.
Indeed. That sentiment, and his memory, deserve a toast of MacAllan 18-year. And they shall have it momentarily. ---rsk
http://en.wikipedia.org/wiki/Jon_Postel Postel's Law Perhaps his most famous legacy is from RFC 760, which includes a Robustness Principle which is often labeled Postel's Law: "an implementation should be conservative in its sending behavior, and liberal in its receiving behavior" (reworded in RFC 1122 as "Be liberal in what you accept, and conservative in what you send"). On Thu, Mar 12, 2015 at 8:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- Tim:>
Thanks all. On Thu, Mar 12, 2015 at 6:28 PM, Tim Durack <tdurack@gmail.com> wrote:
http://en.wikipedia.org/wiki/Jon_Postel
Postel's Law Perhaps his most famous legacy is from RFC 760, which includes a Robustness Principle which is often labeled Postel's Law: "an implementation should be conservative in its sending behavior, and liberal in its receiving behavior" (reworded in RFC 1122 as "Be liberal in what you accept, and conservative in what you send").
On Thu, Mar 12, 2015 at 8:20 PM, Jason Iannone <jason.iannone@gmail.com> wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
-- Tim:>
I feel required to point out that Postel's Law was sage advice for its time, but should now be amended with "but assume that all input is hostile." On Thu, Mar 12, 2015 at 08:28:22PM -0400, Tim Durack wrote:
http://en.wikipedia.org/wiki/Jon_Postel
Postel's Law Perhaps his most famous legacy is from RFC 760, which includes a Robustness Principle which is often labeled Postel's Law: "an implementation should be conservative in its sending behavior, and liberal in its receiving behavior" (reworded in RFC 1122 as "Be liberal in what you accept, and conservative in what you send").
On 13/03/15 10:20, Jason Iannone wrote:
There was once a fairly common saying attributed to an early networking pioneer that went something like, "be generous in what you accept, and send only the stuff that should be sent." Does anyone know what I'm talking about or who said it?
Jon Postel's Robustness Principal. http://en.wikipedia.org/wiki/Jon_Postel
participants (15)
-
Barney Wolff
-
Dave Crocker
-
Dave Taht
-
Jason Iannone
-
Karl Auer
-
Keith Medcalf
-
manning bill
-
Matthew Petach
-
Michael Thomas
-
Miles Fidelman
-
Rich Kulawiec
-
Stephen Satchell
-
Ted Cooper
-
Tim Durack
-
Tom Paseka