ietf-smtp
[Top] [All Lists]

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-07 09:09:36

John C Klensin wrote:

(3) The comments about line lengths of the Base64 strings, and
perhaps a few other things, smack of the possibility of having
to do an out-of-band negotiation or agreement about sizes
between client and server.  If that is not the case, the text
could use a little cleaning up, perhaps in the form of a
reference to whether the necessary lengths can be found for each
possible method.

John,
This is tricky. SASL framework itself doesn't provide a way to find out how big data sent during authentication exchange can be. Any existing SASL mechanism I've seen doesn't send more than 300-400 bytes in any step of an authentication exchange.

In practice, I hope people use separate resizable buffers for handling authentication exchanges.

If it is... well, that is trouble.

<Prev in Thread] Current Thread [Next in Thread>