RFC Errata
RFC 6616, "A Simple Authentication and Security Layer (SASL) and Generic Security Service Application Program Interface (GSS-API) Mechanism for OpenID", May 2012
Source of RFC: kitten (sec)
Errata ID: 7074
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Nadja Reitzenstein
Date Reported: 2022-08-06
Section 2.1 says:
The nonce value MUST be at least 2^32 bits and large enough to handle well in excess of the number of concurrent transactions a SASL server shall see.
It should say:
The nonce value MUST be at least 32 bits and large enough to handle well in excess of the number of concurrent transactions a SASL server shall see.
Notes:
A nonce of 512MiB is rather excessive to be generated for every authenticating client.
As this nonce also has to be transported within the URI sent to both the SASL client and called by the OIDC IdP the Note in section 3.2.1 of RFC 2616 seems to apply:
"Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations might not properly support these lengths."
A lower bound requirement of 32 bits for the nonce seems more appropiate; most platforms are able to efficiently handle 32-bit integers and is still likely to prevent a brute-force attack given the HTTP request overhead.