1. 5

  2. 4

    This article attempts to salvage Postel’s Law by contextualizing it with the surrounding contents of the original RFC that spawned it. Unfortunately, this doesn’t mean that Postel’s Law on its own is good; it means Postel’s Law + surrounding context is good. But no one uses it with the surrounding context, so this salvage doesn’t really matter much.

    The better update would be “be conservative in what you send, and conservative in what you accept from others” (yes, the clauses are switched from the original, because this flows better than the alternative). Our security is made a lot better when interchange formats are simple, well-defined, and easily checked, and when receivers don’t attempt to tidy up or interpret broken or invalid input. Anything else is asking for edge cases to bite you.
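
An added illustration of the comment's point about receivers that tidy up invalid input (not part of the original comment; the toy `Length` header format and every function name are constructed for this example). Two liberal parsers read different values from the same malformed input, while a conservative parser rejects it.

```python
import re

# Constructed sample: a toy "Name: value" header block with a duplicated,
# sloppily formatted Length field (hypothetical format, not a real protocol).
AMBIGUOUS = "Length: 5\r\nlength : +12abc\r\n"
WELL_FORMED = "Length: 5\r\n"


def _lenient_fields(raw):
    """Liberal receiver: tolerate any line ending, stray spaces, any case."""
    for line in raw.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "length":
            digits = re.match(r"\s*\+?(\d+)", value)  # salvage leading digits
            if digits:
                yield int(digits.group(1))


def lenient_first(raw):
    """One liberal implementation: the first Length field wins."""
    return next(_lenient_fields(raw))


def lenient_last(raw):
    """Another liberal implementation: the last Length field wins."""
    return list(_lenient_fields(raw))[-1]


# Exactly one canonical line: fixed case, one space, no sign, no leading zeros.
STRICT_LINE = re.compile(r"Length: (0|[1-9][0-9]{0,8})\r\n")


def strict(raw):
    """Conservative receiver: accept the canonical form or reject outright."""
    m = STRICT_LINE.fullmatch(raw)
    if m is None:
        raise ValueError("malformed Length header: rejected, not repaired")
    return int(m.group(1))


def receivers_disagree(raw):
    """True when the two liberal receivers read different lengths."""
    return lenient_first(raw) != lenient_last(raw)


if __name__ == "__main__":
    print(lenient_first(AMBIGUOUS), lenient_last(AMBIGUOUS))
    print(strict(WELL_FORMED))
```

The disagreement between the two liberal parsers is the edge case: each one "fixed" the input in a defensible way, and any system that chains them now holds two views of the same message.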