Closed brycekahle closed 9 years ago
I'll fix this when I touch the sequence number. Unfortunately there's still a lot of low-effort stuff just to get the handshake working quickly instead of to get it working well.
Incoming message validation and sending proper faults is another large aspect that's severely lacking.
The RFC suggests (SHOULD) basing the cookie off a random secret and client parameters.
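A sketch of the stateless cookie construction the comment above refers to, added here as an example and not taken from this thread or the project's code. It assumes the RFC in question is DTLS (RFC 6347, section 4.2.1), which suggests `Cookie = HMAC(Secret, Client-IP, Client-Parameters)`; the class name, method names and sample values are hypothetical.

```python
import hashlib
import hmac
import os


class CookieIssuer:
    """Stateless handshake cookies: HMAC(secret, client address, client parameters).

    The server keeps no per-client state before the cookie is echoed back,
    so spoofed-source floods cannot exhaust memory.
    """

    def __init__(self, secret=None):
        self._secret = secret or os.urandom(32)  # random server-side secret
        self._previous = None                    # last secret, kept across one rotation

    def rotate(self):
        """Swap in a fresh secret; cookies from the old one stay valid one more period."""
        self._previous, self._secret = self._secret, os.urandom(32)

    @staticmethod
    def _mac(secret, ip, port, client_params):
        # Length-prefix every field so bytes cannot be shifted between fields.
        fields = (ip.encode(), port.to_bytes(2, "big"), client_params)
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def issue(self, ip, port, client_params):
        """Cookie to send in the verify request; nothing is stored."""
        return self._mac(self._secret, ip, port, client_params)

    def verify(self, cookie, ip, port, client_params):
        """Recompute from the datagram's source and hello fields; constant-time compare."""
        for secret in (self._secret, self._previous):
            if secret is None:
                continue
            if hmac.compare_digest(cookie, self._mac(secret, ip, port, client_params)):
                return True
        return False


if __name__ == "__main__":
    # Constructed sample values: documentation-range address, made-up hello fields.
    issuer = CookieIssuer()
    params = b"client_random||session_id||cipher_suites"
    cookie = issuer.issue("192.0.2.10", 40000, params)
    print("same client:", issuer.verify(cookie, "192.0.2.10", 40000, params))
    print("other source:", issuer.verify(cookie, "192.0.2.99", 40000, params))
```

Binding the cookie to the source address and hello fields means a cookie captured from one client is rejected when replayed from another address, and periodic rotation limits how long any issued cookie stays usable.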