IDs: 2^31? #46
Comments
|
What was wrong with string IDs in v1? They just need to be random, right? |
|
I have added text to this section https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids |
|
In that case, I vote for 2^31. On Arduino, the largest storable number is a 16-bit int (for Uno) and 32-bit int (for Due) (source). It's possible to work around this, but I think 31 bits can be sufficiently random. Also, most IDs are short-lived enough and can be scoped well enough that it should be fine. In a future version, this could be specified in the WELCOME.Details if it needs to be expanded. |
|
Going to 2^31, yes, I agree for "router scope" and "session scope" IDs from this list: https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids The "problem" I am still struggling with are the "global scope" session and publication IDs .. 2^31 could lead to some undesired behavior due to collisions on those IDs. The publication ID could be much shorter if it included the publisher's session ID though. If so, the publication ID could actually be replaced by publisher session ID + a sequence number incremented by the broker for publications by that session. But that will then expose the publisher's session ID to any subscriber. Mmh. |
|
Are there any direct security considerations with exposing the publisher's session ID? Since there's no spoofing of session IDs, I can't immediately see any. There may, however, be privacy considerations, since this allows corelating publishes by publisher on the client side, where before we had full anonymity. |
|
described now in RC3 |
No description provided.
The text was updated successfully, but these errors were encountered: