RE: 255 character limit in reg-name from Dave McAlpin on 2004-07-16 (uri@w3.org from July 2004)

From: Dave McAlpin <Dave.McAlpin@epok.net>
Date: Fri, 16 Jul 2004 03:29:56 -0400
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: <uri@w3.org>
Message-ID: <1636C74D3A020E4781DC433A4D901D950F15B0@empire.dc.epokinc.com>

It's a good point about buffer overflows, but with the current language about registered names, the 255 character limit seems really arbitrary. Could we remove the hard restriction in the BNF and handle it as a normative SHOULD, justified with your text below?

Dave

________________________________

From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: Thu 7/15/2004 2:58 PM
To: Dave McAlpin
Cc: uri@w3.org
Subject: Re: 255 character limit in reg-name

On Thursday, July 15, 2004, at 09:51  AM, Dave McAlpin wrote:
> Since a DNS domain name is only one of many possible types of
> registered names, the 255 character limit on reg-name seems
> unnecessarily restrictive. Can this limit be dropped?

Do you know of any registered name system that registers names larger
than 255 characters?  The purpose of the limit is to allow
implementations
to reject (without processing) any URI that seeks to cause a buffer
overflow in the registered name lookup.  Even though the names are not
restricted to DNS, most systems use the DNS interface routines to do
a lookup and those routines are limited to 255 characters, and thus
practical usage of larger names is prevented anyway.

....Roy

Received on Friday, 16 July 2004 03:33:50 UTC