-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IDs: 2^31? #46
Comments
What was wrong with string IDs in v1? They just need to be random, right? |
I have added text to this section https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids |
In that case, I vote for 2^31. On Arduino, the largest storable number is a 16-bit int (for Uno) and 32-bit int (for Due) (source). It's possible to work around this, but I think 31 bits can be sufficiently random. Also, most IDs are short-lived enough and can be scoped well enough that it should be fine. In a future version, this could be specified in the WELCOME.Details if it needs to be expanded. |
Going to 2^31, yes, I agree for "router scope" and "session scope" IDs from this list: https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids The "problem" I am still struggling with are the "global scope" session and publication IDs .. 2^31 could lead to some undesired behavior due to collisions on those IDs. The publication ID could be much shorter if it included the publisher's session ID though. If so, the publication ID could actually be replaced by publisher session ID + a sequence number incremented by the broker for publications by that session. But that will then expose the publisher's session ID to any subscriber. Mmh. |
Are there any direct security considerations with exposing the publisher's session ID? Since there's no spoofing of session IDs, I can't immediately see any. There may, however, be privacy considerations, since this allows corelating publishes by publisher on the client side, where before we had full anonymity. |
described now in RC3 |
No description provided.
The text was updated successfully, but these errors were encountered: