W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Signatures and Authentication information must go at end of meesage.

From: <hallam@w3.org>
Date: Thu, 08 Feb 96 11:39:29 -0500
Message-Id: <9602081639.AA04494@zorch.w3.org>
To: Ned Freed <NED@innosoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc: hallam@w3.org

>I guess you don't ever use Ethernet then because apparently you object to it on
>principle. Or any transistors, for that matter. Gee, I sure would like to the
>system you are using...

Ethernet suffers from poor performance precisely because of the collision 
problem. If ethernet segments are loaded heavilly they end up processing nothing 
but collisions. This is why the bridge and router infrastructure came about. If 
you look at the rationale behind the ethernet design versus token ring or the 
like the main advantage of ethernet was meant to be that it did not need the 
expensive special purpose boxes which deterministic schemes needed.


>You live in a stochastic universe. You are dreaming if you think otherwise.

Quantum phenomena are guaranteed to be ergodic. Computer protocols are 
practically guaranteed to create correlations. It is not probability per se that 
I object to depending upon, it is poorly understood probability. In particular 
the assumption that events are independent. This is a very poor assumption to 
make when designing an architecture.


>Apparently your college tutor didn't do a very good job -- it seems he
>forgot to introduce you to one of the most basic principles of error
>analysis, which is when the demonstrable probability of one sort of
>error is orders of magnitude less than the demonstrable probability
>of other sorts of errors the first source can be ignored.

Actually this is a gross simplification which is sufficient for use as a rule of 
thumb by academics but goes over poorly if one is arguing the saftey case for an 
nuclear physics experiment or the like. Events at three mile island demonstrate 
what happens when three disjoint failures combine to create a failure. Similarly 
if you read accounts of Chernobyl the probability of the plant entering the 
critical region was discounted as improbable, unfortunately the same safety 
manual described plant tests which involved taking the plant into that zone.


The point about hand waving and fuzzy-wuzzy "pretty unlikely" statements is that 
it is usually impossible to do a comprehensive analysis of the probabilities. 
Hence an analysis is almost inevitably an approximation and is thus subject to a 
probability of error itself.

Being pretty sure that error is pretty unlikely is not as good as eliminating a 
possible failure mode entirely.


	Phill
Received on Thursday, 8 February 1996 08:42:48 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:44 EDT