On 10/16/2018 08:20 PM, b...@theworld.com wrote:
On October 16, 2018 at 19:35 m...@mtcc.com (Michael Thomas) wrote:
> I believe that the IETF party line these days is that Postel was wrong
> on this point. Security is one consideration, but there are others.
Security fits into all this, being liberal in what you accept doesn't
mean you do whatever they ask.
Quite the contrary it means make sure your code doesn't roll over dead
or misbehaving just because you received an unexpected input.
That's not the same thing. That's never acceptable. Trying to educe what
a sender really meant is a good way to create exploitable spaghetti
though. But don't take my word for it, reach out to people who pay more
attention to such things than me.
Mike
