ietf-nntp AUTHINFO SASL protocol choices
Russ Allbery
rra at stanford.edu
Wed Apr 3 11:02:51 PST 2002
Charles Lindsey <chl at clw.cs.man.ac.uk> writes:
> No, I don't *shrug*. There is something seriously wrong with a system
> which requires you to pass 64K just to authenticate yourself, in order
> that you may then post a couple of articles amounting to maybe 2K. Talk
> about the tail wagging the dog :-) .
I think it's fairly sound protocol design to set a large upper limit. I
don't know how they arrived at that particular number, but if I were doing
so, I'd follow some logic chain like this:
Assume you have to do a key exchange for some reason, so you have to
provide a signed public key for yourself. Assume 8192-bit keys (1K keys).
Assume 50% protocol overhead for some reason (timestamps, authority tags,
personal information, whatever -- who knows what they're going to put into
certificates in ten years). The worst chain of authority to an agreed
root that I've heard of is around four steps; double that. 1.5K * 8 keys
is 12K. Multiply by 1.5 for base64 encoding. That gives you 18K. Assume
that all of your calculations are potentially low, so double that again.
That gives you 36K and you may as well round up to the next power of two.
It's just defensive planning. You make the worst-case assumptions that
you can think of, and then you at least double them.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list