Michal 'vorner' Vaner wrote: > Hello > > On Sun, Jun 24, 2007 at 11:01:26AM -0400, Andrew Plotkin wrote: >> On Sun, 24 Jun 2007, Michal 'vorner' Vaner wrote: >> >>> And it would seem more reasonable to specify (or allow servers to do so) >>> the limit of stanza? Because it is not only the roster then, but private >>> storage, privacy lists... >>> >>> If there must be a limit, then I think the limit should be enforcible by >>> the server, and if server wants to have 2047, then why not? >> Only if we can guarantee that there will never be cases where one server >> has >> to store (or cache) another server's entry. That's a worrisome promise to >> make. >> >> A fixed limit also makes it easier for an admin to migrate server software >> transparently to his users. > > With users that store books in their rosters ;-) As I said, such user > deserves odd behaviour. > >> I admit that not a lot of people are going to hit this edge case, but in >> principle... > > I just do not like setting hard limits in protocol when they do not come > out from the logic. I accept there is no need for such long names now > and probably will not be at any time,
Why design for something that is not needed and never will be needed? > but if I ask why on earth 1023? I proposed 1023. Feel free to propose something else. > There were points where there was no choice to put a hard limit (ipv4, > for example). But I do not like this limit in the protocol because of > someone might be crazy. It seems better to specify things than not to specify things. That's what a specification is all about. :) > Is there a limit for size of EMail in the > protocol? No, there isn't, if the server considers it to be "too big", > it tells you. But the "too big" grows with time, varies by the server > and so on. There are no hard limits on stanza sizes in XMPP. But it seems reasonable to perhaps limit the size of roster item handles and group names. Naturally you might want longer limits, but IMHO they are not needed. What's the use case for infinitely long roster item handles and roster group names? These are supposed to be user-friendly, human-readable text that an IM user can use to sort and organize roster items. > And as I said, if there is a problem with roster items, is there problem > with private storage, privacy list and so on? Will all of them be > limited? > > What is the problem with saying the server can have a limit and deny to > perform such crazy operation. The "group name too big" and "roster item handle too big" error cases will be specified in rfc3920bis (they were not specified in RFC 3920). > (BTW, did it happen that someone stored so long string somewhere, or is > it just a _possible_ problem?) AFAIK it is just a possible problem at this point. But IMHO that possible problem could lead to a DoS attack. We have seen such attacks with users who log in with too many resources (etc.) so I could definitely see such problems with users who try to set their roster groups or roster item handles to very long strings. Peter -- Peter Saint-Andre XMPP Standards Foundation http://www.xmpp.org/xsf/people/stpeter.shtml
smime.p7s
Description: S/MIME Cryptographic Signature
