Mark Crispin wrote: > On Wed, 29 May 2002, Lawrence Greenfield wrote: > > Our local site policy doesn't offer DIGEST-MD5---but > > that isn't what we're talking about. > > The point seems to be interoperability between compliant implementations. > A client which only implements DIGEST-MD5 is not able to talk to your > server. > > I think that we can require SSL/TLS + plaintext and for the most part > reflect the world that exists today. > > I don't think that we can require DIGEST-MD5 and reflect the world that > exists today; nor do I think that an implementor would be well-served by a > document that implies that a viable product can be produced that only > implements DIGEST-MD5. > > This argument would actually suggest against removing the requirement for > CRAM-MD5 in my proposal and going only with SSL/TLS + plaintext. Perhaps > that's the best thing to do.
I would rather not do that, as it is not always trivial to add TLS support to a client/server. I like CRAM-MD5 as MUST (for interoperability), DIGEST-MD5 as SHOULD and cleartext + TLS as MUST. So basically this is your original proposal without Kerberos and Port 993. Alexey __________________________________________ R & D, ACI Worldwide/MessagingDirect Richmond, Surrey, UK Phone: +44 20 8332 4508 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __________________________________________
