[Top] [All Lists]

Re: line lengths for AUTH

2006-12-11 03:32:23

Frank Ellermann wrote:

Alexey Melnikov wrote:
I guess the document can specify an absolute minimum and allow
implementations to support bigger line lengths.
For an example see RFC 3461 chapter 5.4.  Anything over the RFC
2821 limit 512 is documented resulting in a limit 1036 for DSN.
There is already some text in the document about the AUTH parameter length limit, as well as about the authentication exchange line length limit.

This can get rather long for the various DIGEST-MD5 parameters,
especially realm, nonce, cnonce, user, auth-"uri", and authzid.
DIGEST-MD5 limits each step of authentication exchange to 2048 bytes.

Plus parameters with smaller limits, algorithm, qop, nc, digest,
stale, maxbuf, charset, prep, and cipher-opts, depending on the
chosen DIGEST-MD5 variant.  The example in RFC 4643 is:

[C] dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJlYWdsZS5vY2VhbmEuY29tIixub25j

356 chars. for short values like nntp/localhost and a simple realm.