On Wed, Oct 23, 2019 at 07:52:33AM -0700, Watson Ladd wrote:
> On Wed, Oct 23, 2019 at 7:35 AM Bill Frantz <fra...@pwpconsult.com> wrote:
> >
> > A perhaps radical suggestion:
> >
> > Make the server name field fixed length e.g. 256 bytes. Longer
> > server names are not supported and clients MUST NOT send them.
> > (Both client and server can't use them because they won't fit in
> > the fixed length field.)
> 
> The limit of server name in DNS is 260 bytes, so that limit already
> exists. No reason to shorten it elsewhere!

Got a reference for the 260 byte limit?


According to RFC 1035, the maximum DNS hostname length is 253 bytes:

"To simplify implementations, the total length of a domain name (i.e.,
label octets and label length octets) is restricted to 255 octets or
less."

This is for wire-form encoding, which has 2 bytes of overhead (initial
and terminal lengths), so maximum 253 bytes for the hostname.


However RFC 2181 says:

"A full domain name is limited to 255 octets (including the separators).
The zero length full name is defined as representing the root of the DNS
tree, and is typically written and displayed as '.'."

Which could be interpreted as that the final length is not part of the
255 byte limit, and thus the DNS name being a maximum of 256 octets,
corresponding to a maximum hostname length of 254 bytes. However, the dig
utility refuses to send such queries (it can send 253 bytes just fine), so
I presume that the 255 octet limit is intended to include the terminal
length -> maximum hostname length is 253 octets.


I cannot find any justification for a higher limit from any RFC updating
1035 or 2181. And I would expect any such limit to have been
significantly above 253 bytes.



-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
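The octet accounting in Ilari's message (label octets, one length octet per label, plus the terminal zero-length label) can be checked directly. The following Python is an added example, not code from the thread or from any of its participants; it encodes a presentation-form hostname into RFC 1035 wire form, applies the 255-octet total-length limit, and uses constructed 253- and 254-character names to show where the limit falls.

```python
"""Added example: RFC 1035 wire-form encoding of a hostname and the 255-octet limit.

Wire form: each label is preceded by one length octet and the name ends with a
zero-length (root) label. A hostname of N presentation characters with K labels
occupies (N - (K - 1)) label octets + K length octets + 1 terminal octet,
which is N + 2 octets. That is why a 255-octet wire limit caps the hostname at 253.
"""

MAX_WIRE_NAME = 255   # RFC 1035 section 2.3.4 / RFC 2181 section 11
MAX_LABEL = 63        # RFC 1035 label limit


def encode_name(hostname: str) -> bytes:
    """Return the wire-form encoding of hostname; raise ValueError if it cannot fit."""
    name = hostname.rstrip(".")
    if not name:
        return b"\x00"                      # the root, written "."
    out = bytearray()
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:  # rejects empty labels ("a..b") and >63
            raise ValueError(f"label {label!r} is not 1..{MAX_LABEL} octets")
        out.append(len(raw))                # length octet
        out += raw                          # label octets
    out.append(0)                           # terminal zero-length label
    if len(out) > MAX_WIRE_NAME:
        raise ValueError(f"wire form is {len(out)} octets, limit is {MAX_WIRE_NAME}")
    return bytes(out)


def wire_length(hostname: str) -> int:
    """Total wire-form length in octets, including all length octets."""
    return len(encode_name(hostname))


def fits(hostname: str) -> bool:
    """True if the hostname encodes within the 255-octet limit."""
    try:
        encode_name(hostname)
        return True
    except ValueError:
        return False


# Constructed inputs (not from the thread): 63+63+63+61 label octets + 3 dots = 253
# presentation characters, which is exactly 255 on the wire; one more octet overflows.
NAME_253 = ".".join(["a" * 63] * 3 + ["a" * 61])
NAME_254 = ".".join(["a" * 63] * 3 + ["a" * 62])

if __name__ == "__main__":
    print(len(NAME_253), wire_length(NAME_253), fits(NAME_253))  # 253 255 True
    print(len(NAME_254), fits(NAME_254))                         # 254 False
```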
