[NNTP] AUTHINFO SASL initial response and command length
Russ Allbery
rra at stanford.edu
Wed Dec 1 11:39:15 PST 2004
Ken Murchison <ken at oceana.com> writes:
> The current AUTHINFO drafts states:
> "Note that the AUTHINFO SASL command is still subject to the line
> length limitations defined in [NNTP]. If use of the initial response
> argument would cause the AUTHINFO SASL command to exceed this length,
> the client MUST NOT use the initial response parameter (and instead
> proceed as defined in section 5.1 of [SASL])."
> However, the base draft states:
> "Command lines MUST NOT exceed 512 octets, which includes the terminating
> CRLF pair. The arguments MUST NOT exceed 497 octets. A server MAY relax
> these limits for commands defined in an extension."
> Do we want to take advantage of this for AUTHINFO SASL? It would
> eliminate an extra roundtrip for those mechs which can have an extremely
> long initial response (GSSAPI). Besides, the client and server already
> need to handle potentially long challenge/response in the rest of the
> exchange.
I'd actually thought we were already doing that. Yes, I think I'm in
favor of that.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list