Network Working Group M. Thomson Internet-Draft Mozilla Intended status: Informational June 12, 2017 Expires: December 14, 2017 The Harmful Consequences of Postel's Maxim draft-thomson-postel-was-wrong-01 Abstract Jon Postel's famous statement in RFC 1122 of "Be liberal in what you accept, and conservative in what you send" - is a principle that has long guided the design of Internet protocols and implementations of those protocols. The posture this statement advocates might promote interoperability in the short term, but that short-term advantage is outweighed by negative consequences that affect the long-term maintenance of a protocol and its ecosystem. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 14, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Thomson Expires December 14, 2017 [Page 1]

Internet-Draft Elephants Out, Donkeys In June 2017 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Protocol Decay . . . . . . . . . . . . . . . . . . . . . . . 3 3. The Long Term Costs . . . . . . . . . . . . . . . . . . . . . 4 4. A New Design Principle . . . . . . . . . . . . . . . . . . . 5 4.1. Fail Fast and Hard . . . . . . . . . . . . . . . . . . . 5 4.2. Implementations Are Ultimately Responsible . . . . . . . 5 4.3. Protocol Maintenance is Important . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 7. Informative References . . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1 . Introduction RFC0760]: In general, an implementation should be conservative in its sending behavior, and liberal in its receiving behavior. In comparison, his contributions to the underpinnings of the Internet, which are in many respects more significant, enjoy less conscious recognition. Postel's principle has been hugely influential in shaping the Internet and the systems that use Internet protocols. Many consider this principle to be instrumental in the success of the Internet as well as the design of interoperable protocols in general. Over time, considerable changes have occurred in both the scale of the Internet and the level of skill and experience available to protocol and software designers. Much of that experience is with protocols that were designed, informed by Postel's maxim, in the early phases of the Internet. That experience shows that there are negative long-term consequences to interoperability if an implementation applies Postel's advice. Correcting the problems caused by divergent behavior in implementations can be difficult. Thomson Expires December 14, 2017 [Page 2]

Internet-Draft Elephants Out, Donkeys In June 2017 It might be suggested that the posture Postel advocates was indeed necessary during the formative years of the Internet, and even key to its success. This document takes no position on that claim. This document instead describes the negative consequences of the application of Postel's principle to the modern Internet. A replacement design principle is suggested. There is good evidence to suggest that designers of protocols in the IETF widely understand the limitations of Postel's principle. This document serves primarily as a record of the shortcomings of His principle for the wider community. 2 . Protocol Decay RFC4627] omitted critical details on a range of points including Unicode handling, ordering and duplication of object members, and number encoding. Consequently, a range of interpretations were used by implementations. An update [RFC7159] was unable to correct these Thomson Expires December 14, 2017 [Page 3]

Internet-Draft Elephants Out, Donkeys In June 2017 errors, instead concentrating on defining the interoperable subset of JSON. I-JSON [RFC7493] defines a new format that is substantially similar to JSON without the interoperability flaws. I-JSON also intentionally omits some interoperability: an I-JSON implementation will fail to accept some valid JSON texts. Consequently, most JSON parsers do not implement I-JSON. An entrenched flaw can become a de facto standard. Any implementation of the protocol is required to replicate the aberrant behavior, or it is not interoperable. This is both a consequence of applying Postel's advice, and a product of a natural reluctance to avoid fatal error conditions. This is colloquially referred to as being "bug for bug compatible". It is debatable as to whether decay can be completely avoided, but Postel's maxim encourages a reaction that compounds this issue. 3 . The Long Term Costs RFC7230]. This effort took more than 6 years to document protocol variations and describe what has - over time - become a far more complex protocol. Thomson Expires December 14, 2017 [Page 4]

Internet-Draft Elephants Out, Donkeys In June 2017 4 . A New Design Principle 4.1 . Fail Fast and Hard 4.2 . Implementations Are Ultimately Responsible Thomson Expires December 14, 2017 [Page 5]

Internet-Draft Elephants Out, Donkeys In June 2017 can cause long-term problems. Ideally, specification shortcomings are taken to protocol maintainers. Unreasoning strictness can be detrimental. Protocol designers and implementers expected to exercise judgment in determining what level of strictness is ultimately appropriate. In every case, documenting the decision to deviate from what is specified can avoid later issues. 4.3 . Protocol Maintenance is Important RFC6709] can relieve some of the pressure on maintenance. 5 . Security Considerations 6 . IANA Considerations 7 . Informative References RFC0760] Postel, J., "DoD standard Internet Protocol", RFC 760, DOI 10.17487/RFC0760, January 1980, <http://www.rfc-editor.org/info/rfc760>. [RFC4627] Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, DOI 10.17487/RFC4627, July 2006, <http://www.rfc-editor.org/info/rfc4627>. Thomson Expires December 14, 2017 [Page 6]