From: "Arnaldo Carvalho de Melo" <acme@xxxxxxxxxxxxxxxxxx> Subject: Re: DCCP specification updates Date: Wed, 15 Mar 2006 14:56:19 -0300 Message-ID: <39e6f6c70603150956v3ab13503yd30fad71d1bbd81b@xxxxxxxxxxxxxx> > On 3/15/06, Eddie Kohler <kohler@xxxxxxxxxxx> wrote: > > Hi all, > > > > We have proofread the DCCP spec in detail for AUTH48, and have found a number > > of technical nits. There was one thing that I wanted to mention explicitly > > before AUTH48 ends. > > > > We propose to change the default value of the Allow Short Sequence Numbers > > feature to 0. > > > > Recap: DCCP sequence numbers can be either long (48 bits) or short (24 bits). > > Short sequence numbers save header space, but leave connections at greater > > risk for attack (and sequence number wrapping). > > > > It seems like stack implementations should default to long sequence numbers, > > since this is safe, and allow short sequence numbers only if a connection is > > known to be data-limited. We can indicate this in the spec by setting Allow > > Short Seqnos's default to 0. > > > > Quick comments OK. > > FYI: The Linux implementation doesn't even support short sequence numbers > currently, haven't checked the NetBSD one. The KAME implementaion includes minimal support for short seqeunce number. If the shortseq variable in dccpcb is set to 1, DCCP tries to use short sequecen number. However, no function to set the variable is implemented yet.. So, the proposal is quite OK. Thanks, -- Yoshifumi Nishida nishida@xxxxxxxxxxxxxx
