[19624] in Kerberos
RE: Maximum AP and AS message sizes
daemon@ATHENA.MIT.EDU (Tim Alsop)
Mon Jul 21 14:07:22 2003
Message-ID: <815D636CDFAAD611A2DA006097AC6157C60B24@blackanwhitecat.cybersafe.ltd.uk>
From: Tim Alsop <Tim.Alsop@CyberSafe.Ltd.UK>
To: "Naud, Eric" <eric.naud@Terayon.com>,
Tim Alsop
<Tim.Alsop@CyberSafe.Ltd.UK>, kerberos@mit.edu
Date: Mon, 21 Jul 2003 18:55:50 +0100
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: kerberos-bounces@mit.edu
Eric,
I haven't been involved in any CableHome pilot deployments, but I understand that they exist. I think the best thing you can do is to test with a 4k limit and see if any problems occur. For PKINIT in this environment I would not expect the buffer size to be > 4k. I suspect you are planning to use Jungo or IPFonix KDC - have you asked the developers of these products for guidelines ?
Cheers, Tim.
_____
From: Naud, Eric [mailto:eric.naud@Terayon.com]
Sent: 21 July 2003 18:16
To: 'Tim Alsop'; Naud, Eric; kerberos@mit.edu
Subject: RE: Maximum AP and AS message sizes
Hi Tim,
This is for Cablehome, it borrows much from the packetCable spec. What are the sizes you've seen for this context?
As for the UDP upper limit ;) I don't it would be wise to grab that much memory on this embedded device.
Eric Naud
Software Development Engineer, Ottawa Design Center
Imedia Semiconductor
613.592.1052 x232
mailto:eric.naud@imedia.com <mailto:eric.naud@imedia.com>
---------------------------------------------------------------------------------
-----Original Message-----
From: Tim Alsop [mailto:Tim.Alsop@CyberSafe.Ltd.UK]
Sent: July 21, 2003 11:47 AM
To: Tim Alsop; Naud, Eric; kerberos@mit.edu
Subject: RE: Maximum AP and AS message sizes
Eric,
I didn't mention before, but I understand the max size allowed for UDP communications is 65000 bytes, so this will be your upper limit.
Tim.
_____
From: Tim Alsop
Sent: 21 July 2003 16:45
To: 'Naud, Eric'; Tim Alsop; kerberos@mit.edu
Subject: RE: Maximum AP and AS message sizes
Eric,
I have seen in excess of 4k, but in your particular requriements the buffer may not need to be anywhere near that large. If you can confirm the usage scenario (e.g. is this a PacketCable compliant MTA ?) I can give you a better feel for size limits involved.
Tim.
_____
From: Naud, Eric [mailto:eric.naud@Terayon.com]
Sent: 21 July 2003 16:35
To: 'Tim Alsop'; Naud, Eric; kerberos@mit.edu
Subject: RE: Maximum AP and AS message sizes
Hi Tim,
Thanks for the quick response, but concerning the sizes are we talking 500 bytes, 1k, 2k? Statically allocating 4k on an embedded system is a little heavy so I'd like get a ballpark idea for the upper boudries on the reply messages.
What are the largest numbers you've seen?
Eric Naud
Software Development Engineer, Ottawa Design Center
Imedia Semiconductor
613.592.1052 x232
mailto:eric.naud@imedia.com <mailto:eric.naud@imedia.com>
---------------------------------------------------------------------------------
-----Original Message-----
From: Tim Alsop [mailto:Tim.Alsop@CyberSafe.Ltd.UK]
Sent: July 21, 2003 11:27 AM
To: Naud, Eric; kerberos@mit.edu
Subject: RE: Maximum AP and AS message sizes
Eric,
You also need to consider :
i) Whether IP addresses are stored in the tickets. In particular on a multi homed system the number of addresses can be quite large.
ii) Whether the KDC is a Microsoft KDC because PAC data will be stored in tickets.
These, along with PKINIT requirements are the major contributors to large tickets, and hence large request/response packets to/from the KDC.
Cheers, Tim.
-----Original Message-----
From: Naud, Eric [mailto:eric.naud@Terayon.com <mailto:eric.naud@Terayon.com> ]
Sent: 21 July 2003 16:23
To: kerberos@mit.edu
Subject: Maximum AP and AS message sizes
Hi All,
Can anyone tell me what the AP and AS message size maximums would be and what factor are to be considered?
I'm using PKINIT so I know my AS request will be rather large due to the certificate.
Thank!
Eric Naud
Software Development Engineer, Ottawa Design Center Imedia Semiconductor
613.592.1052 x232
mailto:eric.naud@imedia.com <mailto:eric.naud@imedia.com>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos <https://mailman.mit.edu/mailman/listinfo/kerberos>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
