Re: [hybi] #1: HTTP Compliance

"Shelby Moore" <shelby@coolpage.com> Sun, 15 August 2010 21:33 UTC

Date: Sun, 15 Aug 2010 17:34:22 -0400
From: Shelby Moore <shelby@coolpage.com>
To: Willy Tarreau <w@1wt.eu>
Cc: hybi@ietf.org

Agreed, not a battle. Anyway, my ideas about these more abstract technical
issues do not seem to receive much comprehension, because they fly in
opposition to human nature to want to be in control of something (even if
it is an illusion).

I will reply publicly because I just realized I can condense the security
compartmentalization debate to fundamental theorems of computer science.

>> Applications are implementations.
>
> Hey, they're free to break themselves, and after all that happens
> every day, that's called a bug. But I mean they won't break other
> components' implementations. That's very important.


> The only part of the specs that can be silently violated is the control
> of inputs.

What about the permutations of side-effects of those HTTP requests?  You
can't possibly have run a regression test on every possible permutation in
that external state machine.

If you are saying that security attacks that manifest in the end
application state machines are not introduced by the features of the HTTP
spec which enable them, then I disagree with you, because fundamental
theorems of computer science say that compartmentalization is just a
fantasy[2], and aliasing (Security) errors (bugs) get pushed into other
layers.  I explained it further in a rather bizarre (embarrassing)
diatribe[1].

[1] http://lambda-the-ultimate.org/node/1277#comment-51742

[2] http://www.mail-archive.com/haskell-cafe@haskell.org/msg66538.html

Fundamental theorems tell us that any membership rule for a set can not be
an absolute point, thus we should strive for typing and classing
architecture which is the most granular (these are my summaries):

* Russell's Paradox: there is no rule for a set that does not cause it to
contain itself, thus all sets are infinitely recursive.

* Liskov Substitution Principle: it is an undecidable problem that subsets
inherit.

* Linsky Referencing: it is undecidable what something is when it is
described or perceived.

* Coase Theorem: there is no external reference point, any such barrier
will fail.

* Gödel's Theorem: any formal theory, in which all arithmetic truths can
be proved, is inconsistent.

* 1856 Thermo Law: entire universe (a closed system, i.e. everything)
trends to maximum disorder.