Randomness of message IDs

[mitar]

In release notes for the latest release I saw mention of randomness and changes to it and I went and checked where randNum is used and I was surprised that it is used only in SetMessageID. Even more I was surprised that it is used twice, to obtain two number and than additional 17 bytes random string is used as well. I really do not get why message IDs have to be so complicated?

<processID.randomNumberPrimary.randomNumberSecondary.randomString@hostname>

I mean, if you have 17 bytes of secure random string in there, there is really no need for extra non-secure two numbers at all. This is just adding characters without much benefit. And with 17 bytes of secure randomness I would even claim that there is no point in adding anything extra, it is not really feasible that two strings would happen to be the same, so process ID is also unnecessary.

My proposal would be to increase randomString length to 22 characters, this is around 128 bits of entropy then, and do not use anything else for message ID.

[wneessen]

Thanks for the feedback @mitar. Actually a good call. IIRC I was just following what Postfix was doing for Message IDs - so let's call it "historicly grown" ;)
I've just revised the RFC and I agree that what we are doing right now is overkill. I'll create an issue with your proposal. I think it's a good idea.

[wneessen]

This is now merged into main via #327 / #329.