[Top] [All Lists]

Re: line lengths for AUTH

2006-12-07 10:32:12

Claus Assmann wrote:

On Thu, Dec 07, 2006, Alexey Melnikov wrote:
Any existing SASL mechanism I've seen doesn't send more than 300-400 bytes in any step of an authentication exchange.
Larger lengths have been reported:

! Active Directory as kdc includes the PAC field and the tickets
! can get quite large.

and caused this change for sm 8.14:

        Increase the length of an input line to 12288 to deal with
                really long lines during SMTP AUTH negotiations.
This is using SASL GSSAPI?

The "unlimited" length is a pretty bad idea (potential for DoS).
It is, but I would rather avoid specifying any limit in the document, because it is likely to be exceeded in the future.

But I guess the document can specify an absolute minimum and allow implementations to support bigger line lengths.