ietf-nntp Server response length limits
Jeffrey M. Vinocur
jeff at litech.org
Tue Mar 12 23:42:56 PST 2002
On 12 Mar 2002, Andrew Gierth wrote:
> >>>>> "Clive" == Clive D W Feather <clive at demon.net> writes:
>
> >> A single-line server response must begin with a response code, and other
> >> than that can be of unbounded length. Is this true?
>
> Clive> That's right.
>
> that's a weakness that needs to be fixed, then. There is no reason to
> allow unbounded lengths of single-line response, and most existing
> software is broken by unduly long response lines. The single-line
> response should be limited to 512 octets including the CRLF (and the
> including the initial three digits and space).
So...I've been working with Chris Newman on AUTHINFO SASL. The reason I
asked the above was because we're running into issues with the line
lengths, as SASL sometimes likes to put data in the initial command of
the exchange.
The solutions which seems most elegant to me is the following:
- Stan modifies the extensions mechanism to allow extensions to
increase the line length limit. (Chris points out that we have
precedent on this; see the relevant bit of the ESMTP spec at
the end of this message.) I'd be willing to suggest wording
for this if necessary.
- We get the SASL spec revised to require that when a mechanism
is registered, the maximum size of an exchange be given. Chris
plans to ask John Myers to include this in the current draft
which revises RFC 2222; he doesn't think it will be a problem.
- In the AUTHINFO SASL extension, we require an implementation to
support a line length limit which is based on the max size of an
exchange in the SASL mechanism (of those it implements) with
the largest maximum, scaled up to account for base64 overhead.
How does this sound to people?
---- from RFC 1869 ---------------------------------------------------
4.1.2. Maximum command line length
This specification extends the SMTP MAIL FROM and RCPT TO to allow
additional parameters and parameter values. It is possible that the
MAIL FROM and RCPT TO lines that result will exceed the 512 character
limit on command line length imposed by RFC 821. This limit is
hereby amended to only apply to command lines without any parameters.
Each specification that defines new MAIL FROM or RCPT TO parameters
must also specify maximum parameter value lengths for each parameter
so that implementors of some set of extensions know how much buffer
space must be allocated. The maximum command length that must be
supported by an SMTP implementation with extensions is 512 plus the
sum of all the maximum parameter lengths for all the extensions
supported.
----------------------------------------------------------------------
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the ietf-nntp
mailing list