sasl-3.1: Mention size limit of incoming SASL authentication messages #529
Description
An unauthenticated client can accumulate SASL message data by repeatedly sending 400-byte AUTHENTICATE messages.
A naive server implementation might accumulate SASL message data in a buffer indefinitely, causing... an OOM from unauthenticated users.
It could be useful to either mention this as advice to service developers (informational), or to mention a max limit (in bytes, probably) (informative, or even normative if we want to enforce a max size, but I suppose that it's too late for that).