[NNTP] AUTHINFO SASL initial response and command length
Ken Murchison
ken at oceana.com
Fri Dec 3 11:48:26 PST 2004
Russ Allbery wrote:
> Ken Murchison <ken at oceana.com> writes:
>
>
>>The current AUTHINFO drafts states:
>>"Note that the AUTHINFO SASL command is still subject to the line
>>length limitations defined in [NNTP]. If use of the initial response
>>argument would cause the AUTHINFO SASL command to exceed this length,
>>the client MUST NOT use the initial response parameter (and instead
>>proceed as defined in section 5.1 of [SASL])."
>
>
>>However, the base draft states:
>
>
>>"Command lines MUST NOT exceed 512 octets, which includes the terminating
>>CRLF pair. The arguments MUST NOT exceed 497 octets. A server MAY relax
>>these limits for commands defined in an extension."
>
>
>>Do we want to take advantage of this for AUTHINFO SASL? It would
>>eliminate an extra roundtrip for those mechs which can have an extremely
>>long initial response (GSSAPI). Besides, the client and server already
>>need to handle potentially long challenge/response in the rest of the
>>exchange.
>
>
> I'd actually thought we were already doing that. Yes, I think I'm in
> favor of that.
Russ can't possibly be the only person with an opinion on this. I
remember quite a long thread on the command line length issue. Perhaps
I'll go back and re-read the thread myself.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list