@x_cli « One possible argument here is that protobuffers will hold onto any information present in a message that they don’t understand. In principle this means that it’s nondestructive to route a message through an intermediary that doesn’t understand this version of its schema. »

Oof. That's how you get parser/recognizer mismatch vulnerabilities.

@varx Exactly. Fuck Postel's principle 😡 Be strict in what you send and in what you receive/parse.
Yes, it creates ossification as it may become hard for a protocol to evolve. That's what we invented versioned APIs for, though.
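
The mismatch discussed in this thread, as an added example that is not part of the original posts: an intermediary built against an older schema validates only the fields it knows and re-serializes the rest untouched, so a newer backend acts on data nobody checked, while the strict variant rejects the message instead. The field numbers, the `is_admin` flag and the `gateway_v1`/`backend_v2` names are assumptions made for illustration, and the wire handling is a hand-written subset of the protobuf encoding, not the protobuf library.

```python
# Constructed example: minimal protobuf wire handling (varint and length-delimited
# fields only). Field numbers, names and the gateway/backend split are assumptions.
def read_varint(buf, i):
    value = shift = 0
    while i < len(buf) and shift < 64:
        b = buf[i]
        value |= (b & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if not b & 0x80:
            return value, i
    raise ValueError("bad varint")

def write_varint(v):
    out = bytearray()
    while v > 0x7F:
        out.append((v & 0x7F) | 0x80)
        v >>= 7
    return bytes(out) + bytes([v])

def parse(buf):
    fields, i = [], 0  # [(field_number, wire_type, value)] in wire order
    while i < len(buf):
        key, i = read_varint(buf, i)
        num, wt = key >> 3, key & 7
        if wt not in (0, 2):
            raise ValueError(f"unsupported wire type {wt}")
        val, i = read_varint(buf, i)
        if wt == 2:  # length-delimited: val is the byte count
            if i + val > len(buf):
                raise ValueError("truncated field")
            val, i = buf[i:i + val], i + val
        fields.append((num, wt, val))
    return fields

def encode(fields):
    return b"".join(write_varint(n << 3 | wt) + (write_varint(v) if wt == 0
                    else write_varint(len(v)) + v) for n, wt, v in fields)

def gateway_v1(buf, strict):  # intermediary built against schema v1: fields 1, 2
    fields = parse(buf)
    unknown = sorted({n for n, _, _ in fields if n not in (1, 2)})
    if strict and unknown:
        raise ValueError(f"rejecting unknown fields {unknown}")
    return encode(fields)  # lenient: unknown fields pass through unvalidated

def backend_v2(buf):  # newer schema: field 3 is a privilege flag
    f = {n: v for n, _, v in parse(buf)}
    return {"user": f.get(1, b"").decode(), "is_admin": bool(f.get(3, 0))}

MSG = encode([(1, 2, b"alice"), (2, 0, 10), (3, 0, 1)])  # constructed sample
```

With `strict=False` the gateway returns the message byte for byte, field 3 included, and the backend reads it as a set flag; with `strict=True` the same input raises before anything is forwarded.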

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.