[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
It's been 20 years today (Oct 16, UTC). Hard to believe.
On 10/16/2018 08:20 PM, bzs at theworld.com wrote:
> On October 16, 2018 at 19:35 mike at mtcc.com (Michael Thomas) wrote:
> > I believe that the IETF party line these days is that Postel was wrong
> > on this point. Security is one consideration, but there are others.
>
> Security fits into all this, being liberal in what you accept doesn't
> mean you do whatever they ask.
>
> Quite the contrary it means make sure your code doesn't roll over dead
> or misbehaving just because you received an unexpected input.
That's not the same thing. That's never acceptable. Trying to educe what
a sender really meant is a good way to create exploitable spaghetti
though. But don't take my word for it, reach out to people who pay more
attention to such things than me.
Mike