IDs: 2^31? about wamp-proto HOT 6 CLOSED

What was wrong with string IDs in v1? They just need to be random, right?

from wamp-proto.

I have added text to this section https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids
rgd v1: I believe the processing and wire-level overheads are smaller with the new integer ids.
Also: #56

from wamp-proto.

In that case, I vote for 2^31. On Arduino, the largest storable number is a 16-bit int (for Uno) and 32-bit int (for Due) (source). It's possible to work around this, but I think 31 bits can be sufficiently random. Also, most IDs are short-lived enough and can be scoped well enough that it should be fine.

In a future version, this could be specified in the WELCOME.Details if it needs to be expanded.

from wamp-proto.

Going to 2^31, yes, I agree for "router scope" and "session scope" IDs from this list: https://github.com/tavendo/WAMP/blob/master/spec/basic.md#ids

The "problem" I am still struggling with are the "global scope" session and publication IDs .. 2^31 could lead to some undesired behavior due to collisions on those IDs.

The publication ID could be much shorter if it included the publisher's session ID though. If so, the publication ID could actually be replaced by publisher session ID + a sequence number incremented by the broker for publications by that session. But that will then expose the publisher's session ID to any subscriber. Mmh.

from wamp-proto.

Are there any direct security considerations with exposing the publisher's session ID? Since there's no spoofing of session IDs, I can't immediately see any.

There may, however, be privacy considerations, since this allows corelating publishes by publisher on the client side, where before we had full anonymity.

from wamp-proto.

described now in RC3

from wamp-proto.