On 3/15/06, Eddie Kohler <kohler@xxxxxxxxxxx> wrote:
> Hi all,
>
> We have proofread the DCCP spec in detail for AUTH48, and have found a number
> of technical nits. There was one thing that I wanted to mention explicitly
> before AUTH48 ends.
>
> We propose to change the default value of the Allow Short Sequence Numbers
> feature to 0.
>
> Recap: DCCP sequence numbers can be either long (48 bits) or short (24 bits).
> Short sequence numbers save header space, but leave connections at greater
> risk for attack (and sequence number wrapping).
>
> It seems like stack implementations should default to long sequence numbers,
> since this is safe, and allow short sequence numbers only if a connection is
> known to be data-limited. We can indicate this in the spec by setting Allow
> Short Seqnos's default to 0.
>
> Quick comments OK.

FYI: The Linux implementation doesn't even support short sequence numbers
currently, haven't checked the NetBSD one.

- Arnaldo
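The long/short distinction discussed in this thread, as an added example that is not part of the original messages and is not code from the Linux or NetBSD stacks: a C sketch that reads the sequence number from a DCCP generic header and applies a default-deny check for short sequence numbers. The header layout (X bit, type field) and the restriction of short sequence numbers to Data, Ack and DataAck packets follow my reading of RFC 4340; the function names, the `allow_short` parameter and the sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

struct dccp_seq {
    int      bits;   /* 48 = long, 24 = short, 0 = not parsed */
    uint8_t  type;   /* 4-bit packet type */
    uint64_t seqno;
};

/* Constructed sample headers (ports 5001->5002, checksum zeroed), not captures. */
static const uint8_t sample_long[16]  = {0x13,0x89,0x13,0x8a,4,0,0,0, 0x05, 0, 0,0,0,0,1,2};
static const uint8_t sample_short[12] = {0x13,0x89,0x13,0x8a,3,0,0,0, 0x04, 0,1,2};

/* Read bytes [from, to) as a big-endian integer. */
static uint64_t be(const uint8_t *p, size_t from, size_t to)
{
    uint64_t v = 0;
    for (size_t i = from; i < to; i++) v = (v << 8) | p[i];
    return v;
}

/* Parse the generic header; returns 0 on success, -1 if truncated. */
int dccp_parse_seq(const uint8_t *p, size_t len, struct dccp_seq *out)
{
    out->bits = 0; out->type = 0; out->seqno = 0;
    if (len < 12) return -1;            /* short-seqno header is 12 bytes */
    out->type = (p[8] >> 1) & 0x0f;     /* byte 8: Res(3) Type(4) X(1) */
    if (p[8] & 0x01) {                  /* X=1: byte 9 reserved, 48-bit seqno */
        if (len < 16) return -1;
        out->seqno = be(p, 10, 16);
        out->bits = 48;
    } else {                            /* X=0: 24-bit seqno in bytes 9..11 */
        out->seqno = be(p, 9, 12);
        out->bits = 24;
    }
    return 0;
}

/* Hypothetical receive-side policy: long is always acceptable; short only when
 * the feature value (allow_short, default 0 as proposed) permits it and the
 * packet type is Data (2), Ack (3) or DataAck (4). */
int dccp_seq_acceptable(const struct dccp_seq *s, int allow_short)
{
    if (s->bits == 48) return 1;
    if (s->bits != 24 || !allow_short) return 0;
    return s->type == 2 || s->type == 3 || s->type == 4;
}
```

With `allow_short` left at 0, a 24-bit packet is rejected regardless of type, which is the behaviour the proposed default gives an implementation that never negotiates the feature.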