--On Monday, 11 December, 2006 16:46 +0000 Alexey Melnikov
(i) The description of every SASL method describes the maximum
length string that can be used.
This can be done when documents describing SASL mechanisms get
SASL EXTERNAL, PLAIN and GSSAPI got published recently and
don't contain any such text.
I don't have a strong opinion as to whether it should be a
requirement, but a one-page document that updates those three
(and any others that are relevant) to specify maximum lengths
would have some merit, IMO.
Probably a worthwhile discussion, in context with the risks of
too-large and to-small buffers, with the Security ADs.