The protocol by which ccr worlds establish a communications link with each other moves through several stages, with a gradually increasing `message size limit' allocated to the connection as the stages are successfully negotiated. Note that all of the strategies discussed here are in addition to the mechanisms provided by the TCP and IP version 4 transport mechanisms. Initially a ccr world will read only small messages, of no more than 128 bytes, from an incoming connection. Such messages are sufficient to exchange version information and establish a cryptographic `session key' for the connection, which both establishes identities and insulates the channel from eavesdroppers and intruders. Any attempt to send a larger message causes the connection to be cut at the receiving end.
If this initial stage succeeds, more trust is warranted, and the incoming message size limit is raised to 1Kbyte, which is enough to complete the connection establishment protocol. At the successful conclusion of the `greeting ritual', the message size limit is raised to 100Kbytes. Note that while that number is high enough for most typical channel uses, it is much less than it could be. Higher limits, if desired, can be set by deliberate act of the ccr world owner. This strategy is typical of ccr's self-protection mechanisms. Even once a remote ccr world is identified and the communications channel secured, still only limited trust is granted to the channel because inconvenient or dangerous things still may happen, either due to a user's mistake, or to malicious intent, or to bugs in the code.