Postel's law

In computing, the robustness principle is a design guideline for software that states: "be conservative in what you do, be liberal in what you accept from others". It is often reworded as: "be conservative in what you send, be liberal in what you accept". The principle is also known as Postel's law, after Jon Postel, who used the wording in an early specification of TCP. In other words, programs that send messages to other machines (or to other programs on the same machine) should conform completely to the specifications, but programs that receive messages should accept non-conformant input as long as the meaning is clear. Among programmers, to produce compatible functions, the principle is also known in the form "be contravariant in the input type and covariant in the output type".


Interpretation

RFC 1122 (1989) expanded on Postel's principle by recommending that programmers "assume that the network is filled with malevolent entities that will send in packets designed to have the worst possible effect". Protocols should allow for the addition of new codes for existing fields in future versions of protocols by accepting messages with unknown codes (possibly logging them). Programmers should avoid sending messages with "legal but obscure protocol features" that might expose deficiencies in receivers, and design their code "not just to survive other misbehaving hosts, but also to cooperate to limit the amount of disruption such hosts can cause to the shared communication facility".


Criticism

In 2001, Marshall Rose characterized several deployment problems when applying Postel's principle in the design of a new application protocol. For example, a defective implementation that sends non-conforming messages might be used only with implementations that tolerate those deviations from the specification until, possibly several years later, it is connected with a less tolerant application that rejects its messages. In such a situation, identifying the problem is often difficult, and deploying a solution can be costly. Rose therefore recommended "explicit consistency checks in a protocol ... even if they impose implementation overhead".

From 2015 to 2018, in a series of Internet Drafts, Martin Thomson argued that Postel's robustness principle actually leads to a lack of robustness, including security.

In 2018, a paper on privacy-enhancing technologies by Florentin Rochet and Olivier Pereira showed how to exploit Postel's robustness principle inside the Tor routing protocol to compromise the anonymity of onion services and Tor clients.
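The following is an added example, not taken from the article or from any cited specification. It shows a receiver that follows the RFC 1122 advice under Interpretation (accept and log unknown codes) while applying the explicit consistency checks Rose recommended, and a sender that emits only canonical output. The code/length/value record layout, the option codes and all names are hypothetical.

```python
import logging
import struct

log = logging.getLogger("options")
KNOWN = {1: "name", 2: "ttl"}  # hypothetical option codes, not from a real protocol

class MalformedMessage(ValueError):
    """Framing or consistency error: reject the whole message."""

def build_options(name: str, ttl: int) -> bytes:
    """Sender side: emit only known codes, in canonical form."""
    raw = name.encode("ascii")
    if not 0 < len(raw) <= 255:
        raise ValueError("name must be 1..255 ASCII bytes")
    return bytes([1, len(raw)]) + raw + bytes([2, 4]) + struct.pack("!I", ttl)

def parse_options(data: bytes) -> dict:
    """Receiver side: tolerate unknown codes, never tolerate bad framing."""
    fields, unknown, pos = {}, [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise MalformedMessage(f"truncated header at offset {pos}")
        code, length = data[pos], data[pos + 1]
        pos += 2
        if length > len(data) - pos:  # explicit consistency check
            raise MalformedMessage(f"option {code} overruns the message")
        value, pos = data[pos:pos + length], pos + length
        name = KNOWN.get(code)
        if name is None:  # forward compatibility: log and skip
            log.warning("unknown option code %d (%d bytes) skipped", code, length)
            unknown.append(code)
        elif name in fields:  # ambiguous meaning: do not guess
            raise MalformedMessage(f"duplicate option {name!r}")
        elif name == "ttl":
            if length != 4:
                raise MalformedMessage("ttl must be exactly 4 bytes")
            fields[name] = struct.unpack("!I", value)[0]
        else:
            try:
                fields[name] = value.decode("ascii")
            except UnicodeDecodeError as exc:
                raise MalformedMessage("name is not ASCII") from exc
    return {"fields": fields, "unknown": unknown}

# Constructed sample messages
GOOD = build_options("host", 300)
FUTURE = GOOD + bytes([9, 2]) + b"\x00\x01"   # code 9 is unknown to this receiver
OVERRUN = bytes([1, 10]) + b"host"            # claims 10 bytes, carries 4
```

The receiver is liberal only where the meaning stays clear (a well-framed record with an unknown code); a length that overruns the buffer or a repeated field is rejected rather than interpreted.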


See also

* Unix philosophy
* Static discipline
* Open–closed principle


External links


* History of the (Internet) Robustness Principle (Nick Gall, May 2005)
* Internet Protocol, page 22; J. Postel, IEN 111, August 1979.