OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (MQTT-11) Length of client Identifier

    [ http://tools.oasis-open.org/issues/browse/MQTT-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33477#action_33477 ] 

Raphael Cohen commented on MQTT-11:

"The clientId MAY contain zero characters." 

First time I read this I thought it meant ASCII NULs or code point 48. Then I realised it meant empty. Could we re-word the spec to say 'MUST NOT be empty' rather than 'zero characters'?

"For cleansession=1 clients"...
I'd still argue that it should be provided, although it's a minor breakage if we did. May be we could have a 'brokers MAY reject a connection if a client identifier is not provided'.

My only input on any length restriction is that it ought to make it easy for brokers to be defensive when on the internet. Receipt of the CONNECT is effectively from an unknown source until it's been processed. A simple DoS would be to send lots of 65K connection identifiers... A simple defence is for a broker to only have, say, a 4K buffer for the first packet it receives, so that in the event of a DoS flood it never gets close to an out-of-memory situation. At that point bad stuff can still happen, but the broker's got a much better idea of what it's supposed to be dealing with. Still, this could still be a per-broker decision if we adopt the 'MAY' syntax above for any client identifier.

Perhaps we need a 'client identifier too long / too short / not acceptable' error code?

> Length of client Identifier
> ---------------------------
>                 Key: MQTT-11
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-11
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: core
>            Reporter: Andrew Banks
> The current specification says that the client Identifier must be 1 - 23 characters in length.
> Should this mean 
> 1-23 bytes when transformed to UTF-8
> 1-23 Unicode characters, counting surrogate pairs as single characters
> 1-23 Unicode characters, counting surrogate pairs as two characters 

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]