Re: line lengths for AUTH (was: Requesting reviews: SMTP AUTH update...)

ietf-smtp

Re: line lengths for AUTH (was: Requesting reviews: SMTP AUTH update...)

2006-12-07 10:07:08


On Thu, Dec 07, 2006, Alexey Melnikov wrote:

Any existing SASL mechanism I've seen doesn't send more than 300-400 
bytes in any step of an authentication exchange.


Larger lengths have been reported:

! Active Directory as kdc includes the PAC field and the tickets
! can get quite large.

and caused this change for sm 8.14:

        Increase the length of an input line to 12288 to deal with
                really long lines during SMTP AUTH negotiations.

The "unlimited" length is a pretty bad idea (potential for DoS).

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt, John C Klensin Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt, Alexey Melnikov Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt, Alexey Melnikov Re: line lengths for AUTH (was: Requesting reviews: SMTP AUTH update...), Claus Assmann <= Re: line lengths for AUTH, Alexey Melnikov Re: line lengths for AUTH, Frank Ellermann Re: line lengths for AUTH, Alexey Melnikov Re: line lengths for AUTH, Robert A. Rosenberg Re: line lengths for AUTH, Alexey Melnikov Re: line lengths for AUTH, ned+ietf-smtp Re: line lengths for AUTH, Hector Santos Re: line lengths for AUTH, Alexey Melnikov

Previous by Date:	Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt, Alexey Melnikov
Next by Date:	Re: line lengths for AUTH, Alexey Melnikov
Previous by Thread:	Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt, Alexey Melnikov
Next by Thread:	Re: line lengths for AUTH, Alexey Melnikov
Indexes:	[Date] [Thread] [Top] [All Lists]