Hi all,
We have proofread the DCCP spec in detail for AUTH48, and have found a number
of technical nits. There was one thing that I wanted to mention explicitly
before AUTH48 ends.
We propose to change the default value of the Allow Short Sequence Numbers
feature to 0.
Recap: DCCP sequence numbers can be either long (48 bits) or short (24 bits).
Short sequence numbers save header space, but leave connections at greater
risk for attack (and sequence number wrapping).
It seems like stack implementations should default to long sequence numbers,
since this is safe, and allow short sequence numbers only if a connection is
known to be data-limited. We can indicate this in the spec by setting Allow
Short Seqnos's default to 0.
Quick comments OK.
Thanks,
Eddie
