[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues from the bakeoff

To: dharkins@network-alchemy.com
Subject: Re: issues from the bakeoff
From: Paul Koning <pkoning@xedia.com>
Date: Fri, 18 Jun 1999 11:28:12 -0400
Cc: ipsec@lists.tislabs.com
References: <199906151954.MAA21779@potassium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Dan" == Dan Harkins <dharkins@network-alchemy.com> writes:

 Dan> - Is it OK to send 3 copies of every single message (which one
 Dan> implementation was doing)? Yes.

I don't think so.

The general rule of protocol design and implementation is: be strict
in what you send, lenient in what you receive.

To put that differently: I don't subscribe to the notion that
"everything not prohibited by the spec is permitted".  Rather, I
interpret the principle above to say: on the transmit side, everything 
not specifically allowed is prohibited.  On the receive side,
everything not prohibited that can be handled sensibly without
excessive cost is permitted.

For example, I don't think the TCP spec says that you shouldn't send
each packet twice.  Does that mean that an implementation that does
this (absent some specifically configured fault tolerance notion) is a 
valid implementation?  No way.

Similarly, the IKE spec doesn't specifically prohibit sending 3 copies 
of the message because, I submit, no one thought that anyone would be
silly enough to do this, so it wasn't necessary to make a specific
rule "don't do this silly thing".  But I would certainly call this
implementation broken.

	paul

Follow-Ups:

Re: issues from the bakeoff

From: Tero Kivinen <kivinen@ssh.fi>

References:

issues from the bakeoff

From: Dan Harkins <dharkins@network-alchemy.com>

Prev by Date: IPSEC, IPv6 and mobile IP
Next by Date: RE: Dangling phase 2 SAs (was RE: issues from the bakeoff)
Prev by thread: Re: issues from the bakeoff
Next by thread: Re: issues from the bakeoff
Index(es):
- Main
- Thread