ietf-nntp AUTHINFO SASL protocol choices

Jeffrey M. Vinocur jeff at litech.org
Tue Apr 2 08:58:44 PST 2002


On Tue, 2 Apr 2002, Charles Lindsey wrote:

> In <Pine.LNX.4.33.0203302127330.24120-100000 at marduk.litech.org> "Jeffrey M. Vinocur" <jeff at litech.org> writes:
>
> >1.  Do we want to instruct/permit servers to limit the amount of data
> >    sent in this fashion?
>
> If a server sees a command line longer than it cares to handle (512 or
> whatever) then I suppose it can ignore the excess and return a suitable
> 5xx response, giving the client an opportunity to try a more sensible
> approach.

Fine.  Is there consensus on this going into the base spec?


> Or else it can drop the connection (I think it is the server's
> choice).

Eh, ok.


> But if the server receives more than it cares to accept
> during a multiline command, then dropping the connection is its only
> real option (it is no different than when the client tries to POST a
> 200MB article which exceeds whatever limit the server accepts).

Agreed.


> >    It sounds like the SASL spec will put a hard limit on this, which
> >    is great.
>
> Then one hopes it will be a smallish limit. If you can do an unforgeable
> PGP signature in 1024 octets, then it should not be beyond the wit of man
> to devise a satisfactory SASL negotiation in a similar amount.

Yeah.  Any nontrivial length is guaranteed to be sufficient; if a response
needs more than will fit, the mechanism can specify a way to fragment the
response into appropriately sized pieces.  The only issue is picking a
size large enough to avoid most extra roundtrips, and they seem to think
64 K is necessary.  *shrug*


-- 
Jeffrey M. Vinocur
jeff at litech.org
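
The two limits discussed in this thread, as an added example that is not part of the original message or of any NNTP server's code: an over-long command line has its excess ignored and is answered with a 5xx reply, while a multi-line block that exceeds its limit causes the connection to be dropped. The names `BoundedReader`, `expect_block` and `feed`, the choice of 501 as the 5xx code, and the 64 KB block cap are assumptions of the example.

```python
MAX_LINE = 512         # octets per command line, CRLF included ("512 or whatever")
MAX_BLOCK = 64 * 1024  # assumed cap on one multi-line block, in octets
TOO_LONG = b"501 Command line too long\r\n"  # assumed choice of 5xx code

class BoundedReader:
    """Per-connection input filter with hard limits on both input kinds."""
    def __init__(self, max_line=MAX_LINE, max_block=MAX_BLOCK):
        self.max_line, self.max_block = max_line, max_block
        self.buf = bytearray()
        self.block = None        # bytearray while inside a multi-line block
        self.discarding = False  # swallowing the excess of an over-long command
        self.closed = False

    def expect_block(self):
        self.block = bytearray()  # call after inviting multi-line input

    def feed(self, data):
        """Consume raw bytes; return a list of (action, payload) tuples."""
        out = []
        if self.closed:
            return out
        self.buf += data
        while True:
            nl = self.buf.find(b"\r\n")
            if self.block is not None:
                pending = len(self.buf) if nl < 0 else nl + 2
                if len(self.block) + pending > self.max_block:
                    # No way to resynchronise mid-block: drop the connection.
                    self.closed = True
                    return out + [("drop", b"")]
            elif nl < 0 and (self.discarding or len(self.buf) > self.max_line):
                # Ignore the excess; keep a lone CR so a split CRLF is still seen.
                self.discarding = True
                self.buf = self.buf[-1:] if self.buf.endswith(b"\r") else bytearray()
            if nl < 0:
                return out
            line = bytes(self.buf[:nl + 2])
            del self.buf[:nl + 2]
            if self.block is not None:
                if line == b".\r\n":
                    out.append(("block", bytes(self.block)))
                    self.block = None
                else:
                    self.block += line
            elif self.discarding or len(line) > self.max_line:
                self.discarding = False
                out.append(("reply", TOO_LONG))
            else:
                out.append(("command", line))
```

The excess of an over-long command is never buffered, so memory per connection stays bounded by the line limit plus one read, and the session remains usable after the 5xx reply.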



