End-to-end Arguments in System Design

From: Danny Wyatt (danny@cs.washington.edu)
Date: Tue Oct 12 2004 - 15:36:38 PDT

    End-to-end Arguments in System Design
    J.H. Saltzer, D.P. Reed, D.D. Clark

    This paper presents an argument for why certain functionality should not
    be implemented in the "low-level" communications sub-system, but should
    rather be left up to the applications that demand the functionality.
    The main thrust of their argument is that no pre-built function of the
    sub-system can possibly predict the specific needs of all future
    applications, and that such pre-building may also unnecessarily hinder
    applications that don't require the function at all.

    This is certainly a legitimate concern, and they provide enough examples
    to support it. However, the example of the faulty gateway is a reductio
    ad absurdum that I find invalid. It's not the fault of the application
    that the network failed to deliver its promised postconditions. If all
    applications had to plan---in advance---for possible bugs in external
    modules, then no one would ever use a 3rd party library. Another
    software engineering aspect that their argument initially avoids is the
    fact that perhaps not all but overwhelmingly many applications might
    demand the functions they describe of the communication subsystem.
    Their examples are sufficiently uncommon (they twice use distributed
    applications running on more than two hosts) that it seems as if they
    would penalize common cases (in terms of ease of implementation) in
    favor of reduced (though ultimately net labor-less) redundant
    implementation for uncommon cases.

    Ultimately, they present a middle position (not theirs) which seems most
    sensible: a "function may be provided by a lower level module, but it
    should always be replaceable by an application's special version of the
    function." Indeed, this seems to be where we are today. Applications
    that don't need TCP can use UDP to get as close to the raw datagram
    layer of IP as they can. Similarly, for encryption, SSL can be used, an
    application-specific method can be used, or no encryption can be used.
    (Though it is open to argument whether SSL should be considered a part
    of the communication subsystem. I think that, from an application
    developer's viewpoint, it is.)

