RE: 255 character limit in reg-name

Hi,

It is possible (unlikely?) that an OSI application title object identifier
(part of a full OSI application address) could exceed 255 octets.

But I don't like having this ABNF not specify the exact real limit.
Buffer overflows are a severe problem.

I would suggest a hard limit of 512 octets, with some warning
about interoperability of reg-name values longer than 255 octets.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221  Grand Marais, MI  49839
phone: +1-906-494-2434
email: imcdonald@sharplabs.com 

-----Original Message-----
From: uri-request@w3.org [mailto:uri-request@w3.org]On Behalf Of Dave
McAlpin
Sent: Friday, July 16, 2004 3:34 AM
To: Roy T. Fielding
Cc: uri@w3.org
Subject: RE: 255 character limit in reg-name


It's a good point about buffer overflows, but with the current language
about registered names, the 255 character limit seems really arbitrary.
Could we remove the hard restriction in the BNF and handle it as a normative
SHOULD, justified with your text below?

Dave



From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: Thu 7/15/2004 2:58 PM
To: Dave McAlpin
Cc: uri@w3.org
Subject: Re: 255 character limit in reg-name


On Thursday, July 15, 2004, at 09:51  AM, Dave McAlpin wrote:
> Since a DNS domain name is only one of many possible types of
> registered names, the 255 character limit on reg-name seems
> unnecessarily restrictive. Can this limit be dropped?

Do you know of any registered name system that registers names larger
than 255 characters?  The purpose of the limit is to allow
implementations
to reject (without processing) any URI that seeks to cause a buffer
overflow in the registered name lookup.  Even though the names are not
restricted to DNS, most systems use the DNS interface routines to do
a lookup and those routines are limited to 255 characters, and thus
practical usage of larger names is prevented anyway.

....Roy

Received on Friday, 16 July 2004 11:28:43 UTC