Mark Crispin wrote: > > (2) Require implementation of DIGEST-MD5. > > This is not as widely deployed > > AFAIK it is completely undeployed in the IMAP world.
See http://www.sendmail.org/~ca/email/mel/SASL_ServerRef.html and http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html for a list of clients/servers implementing CRAM-MD5 and DIGEST-MD5 (and others). > I took a look at DIGEST-MD5 and was horrified. It is NOT a simple > mechanism to implement. There is quite a bit about it which requires > careful consideration to get right (think buffer overflow exploits). All > those optional and variable-length fields are a major pain, and quoted > strings make it a further nightmare. > > IMHO, it is premature to make DIGEST-MD5 mandatory now, but it's alright > to say SHOULD in order to get people moving in that direction. I tend to agree. > > Both options have open-source code available and many existing IMAP servers > > already comply. > > Perhaps there are IMAP servers which have it, but I haven't seen any; and > I know of no clients which have it. Regards, Alexey Melnikov __________________________________________ R & D, ACI Worldwide/MessagingDirect Richmond, Surrey, UK Phone: +44 20 8332 4508 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __________________________________________
