The cbor library should keep track of how many bytes it has already processed of a given message and if it is larger than the maximum message size, abort parsing and return an error.
Otherwise denial of service is trivial against a RAINS server/client
The cbor library should keep track of how many bytes it has already processed of a given message and if it is larger than the maximum message size, abort parsing and return an error. Otherwise denial of service is trivial against a RAINS server/client