[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [m2m-iwg] AXEDA Comments on MQTT contribution to ECLIPSE PAHO & OASIS
|
> I strongly suspect it comes from heritage MQSeries (and mainframe) days, but
> ICBW. AndySC, Dave, Ian, Nick et al might be able to fill in more detail.
Yes, the recommendation to use less than 12 chars in the
username/password dates back to heritage days, when it had to adhere
to certain pre-existing server limitations. Looking at it now, it
seems a completely unnecessary thing to include in the protocol spec.
If your server implementation imposes limits, its for the server
implementation to document.
In a similar vein, the client ID length was pegged at 23 characters -
although in that instance it was set as a hard limit, rather than a
"recommended" limit. Certainly something to be looked at moving
forward.
One other point to make from Mats' original mail; as I understand it,
MQTT-S is not part of the OASIS standards effort at this time. That
said, the "legal issues surrounding the MQTT-S spec" is nothing more
than the fact the proper boiler-plate text was omitted from the spec
when it was published by our Research colleagues. There is an open
action with us to get that sorted out.
Regards,
Nick
On 28 January 2013 16:18, andypiperuk@xxxxxxxxx <andypiperuk@xxxxxxxxx> wrote:
> That is a very good point, Roger.
>
> I strongly suspect it comes from heritage MQSeries (and mainframe) days, but
> ICBW. AndySC, Dave, Ian, Nick et al might be able to fill in more detail.
>
> Probably does not make sense to mandate a particular length, especially one
> that short.
>
>
> On Mon, Jan 28, 2013 at 4:06 PM, Roger Light <roger@xxxxxxxxxx> wrote:
>>
>> On Sat, Jan 26, 2013 at 7:39 PM, UOMo <uomo@xxxxxxxxxxx> wrote:
>>
>> > Those of you dealing with OASIS might have seen this comparison then:
>> >
>> > https://lists.oasis-open.org/archives/amqp/201202/msg00086/StormMQ_WhitePaper_-_A_Comparison_of_AMQP_and_MQTT.pdf
>>
>> Raphael raises some interesting points but I disagree with a few of
>> them. I haven't emailed him about it. One of the points which he has
>> incorrect is "MQTT requires short user names and short passwords that
>> do not provide enough entropy in the modern world." Although this is
>> incorrect, the spec does *recommend* that usernames and passwords are
>> kept to 12 characters or fewer. Do we really want to recommend short
>> passwords? I think this recommendation is something that should be
>> removed from the spec as part of the OASIS work. There is no backwards
>> compatibility issue and I don't believe that it is a good
>> recommendation.
>>
>> Cheers,
>>
>> Roger
>> _______________________________________________
>> m2m-iwg mailing list
>> m2m-iwg@xxxxxxxxxxx
>> http://dev.eclipse.org/mailman/listinfo/m2m-iwg
>
>
>
>
> --
> Andy Piper | Farnborough, Hampshire (UK)
> blog: http://andypiper.co.uk | skype: andypiperuk
> twitter: @andypiper | images: http://www.flickr.com/photos/andypiper
>
> _______________________________________________
> m2m-iwg mailing list
> m2m-iwg@xxxxxxxxxxx
> http://dev.eclipse.org/mailman/listinfo/m2m-iwg
>
