On Wednesday 03 September 2008 15:15:22 Pedro Melo wrote:
> On Sep 3, 2008, at 10:03 PM, Justin Karneges wrote:
> > If you set a small value for the server policy then you'd be fine, but that's
> > not very flexible.  For example, most desktop clients are surely capable of
> > handling a 1MB stanza, but for some reason you cap your server at a much
> > smaller 64KB.  And even 64KB is probably too much for a mobile.  So a flat
> > maximum is not ideal.
>
> Sure but as a server admin I would not admit a client negotiating a
> larger stanza than my own C2S or S2S limits.

Right.  The client would ask for a value, and the server would return one that 
is equal or lesser.  The client would say "I want 1MB", and your server would 
reply with "you get 64KB".

> So if the limits for the desktop client will likely be larger than
> those of [CS]2S, then there really is no need for this.

True.  Psi has no limit, which is scary, but fortunately many servers do have 
a limit and so the client is protected.

However, your server is not all servers.  We've had issues with servers that 
have much larger limits or perhaps no limits at all.  Users report that large 
messages may slow down or crash the client.  Psi really ought to have its own 
maximum stanza size, but the trouble is I don't know what to set it at.  Do 
you see the problem now?

I find it unacceptable that a server could make Psi unusable.  I believe this 
in the same way that MySpace shouldn't be able to make your browser 
unusable. :)

> I agree that mobile clients will want to cap the stanza limit, but
> this might be better end-to-end... Announce something via disco + IQ
> protocol.
>
> The server itself can use the same process to figure out what the
> limit is and enforce it if it likes.

The server has to enforce it or it's no good.  The mobile client will 
disconnect from the server if it receives a stanza that is too large.  So, 
you see, if your server has a 64KB maximum, then the mobile client must also 
have a 64KB maximum.

The funny thing is that this enforcement is needed not because we need to 
protect the poor little client, but because if the client and server don't 
agree on the same value then it becomes super easy to DoS the client.  All a 
remote user needs to do is send a message that is larger than the client max, 
but smaller than the server max.  It is critical that the client and server 
agree on the same maximum value.

> > Sure, but you already have this problem with server-imposed limits.  The fact
> > is, we have these limits, because we believe stanzas should be of some
> > reasonable size.  All of our XEPs that may return large data must have a way
> > of being split.  That's just a fact of life.
>
> That's true. The limits are already there.
>
> /me ponders.
>
> I think a <feature> in disco#info plus an IQ-based protocol would be
> enough. Other entities (your own server, and other clients) can use
> the same protocol to obtain the limits you are willing to accept.

It needs to be at the c2s level, otherwise clients can't protect themselves 
without DoS'ing themselves.

-Justin
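
The c2s negotiation and the client/server mismatch described in the message above, modelled as an added example that is not part of the original thread or of any XMPP implementation. The function and class names are hypothetical, and the 16KB mobile limit is a constructed value (the thread only says 64KB is probably too much for a mobile).

```python
from dataclasses import dataclass
from typing import Optional

KB = 1024
SERVER_MAX = 64 * KB  # the server cap used as the example in the thread


def negotiate(requested: int, server_max: int = SERVER_MAX) -> int:
    """Server's reply: a value equal to or less than what the client asked for."""
    if requested <= 0:
        raise ValueError("requested stanza size must be positive")
    return min(requested, server_max)


@dataclass
class Session:
    client_max: int                   # size above which the client disconnects
    agreed_max: Optional[int] = None  # None: no c2s negotiation took place

    def enforced_max(self, server_max: int = SERVER_MAX) -> int:
        """Limit the server applies before forwarding a stanza to this client."""
        return server_max if self.agreed_max is None else self.agreed_max


def deliver(session: Session, stanza_len: int) -> str:
    """Outcome when a stanza of stanza_len bytes arrives for this session."""
    if stanza_len > session.enforced_max():
        return "bounced-by-server"   # rejected upstream, client never sees it
    if stanza_len > session.client_max:
        return "client-disconnects"  # forwarded, but above the client's limit
    return "delivered"


def mismatch_window(session: Session) -> Optional[tuple]:
    """Sizes the server forwards but the client refuses, or None if they agree."""
    lo, hi = session.client_max + 1, session.enforced_max()
    return (lo, hi) if lo <= hi else None


if __name__ == "__main__":
    mobile_max = 16 * KB  # constructed value for a mobile client
    unnegotiated = Session(client_max=mobile_max)
    negotiated = Session(client_max=mobile_max, agreed_max=negotiate(mobile_max))
    for name, s in (("no negotiation", unnegotiated), ("negotiated", negotiated)):
        print(name, deliver(s, 32 * KB), mismatch_window(s))
    print("desktop asks for 1MB, gets", negotiate(1024 * KB))
```

With no negotiation the server forwards a 32KB stanza that the client refuses; once both sides hold the same value the server rejects it first and the window is empty.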
