Justin Karneges wrote:
this enforcement is needed not because we need to protect the poor little client, but because if the client and server don't agree on the same value then it becomes super easy to DoS the client. All a remote user needs to do is send a message that is larger than the client max, but smaller than the server max. It is critical that the client and server agree on the same maximum value.

Aha, now I see. Yes, this is critical.

/psa
