Alexey Melnikov <[EMAIL PROTECTED]> writes: > David B Funk wrote: > >> On Wed, 29 May 2002, Mark Crispin wrote: >> >> > OK, this is helpful and may be the breakthrough that was needed. >> > >> > How about the following: >> > >> [big snip...] >> > >> > This matches current reality. >> >> I don't see SRP discussed anywhere. I feel more comfortable with >> it than CRAM-MD5 because of the issue of storage of passwords on >> the server. Is it too far out? >> >> In case you haven't heard of SRP, see: >> <http://www-cs-students.stanford.edu/~tjw/srp/index.html> >> > > SRP is even less deployed than DIGEST-MD5 and the document is not > stable. > But this is not to discourage you to implement it in your client/server, > if any ;-).
A bit of warning: The patent situation for SRP seems unclear. I think it would be a bad idea to promote SRP in a protocol like IMAP in any way unless the patent situation is clear. If I recall correctly, this was discussed in the SACRED group recently.
