On Thu, 30 May 2002 11:06:47 -0600, Lyndon Nerenberg wrote: > If the requirement is strictly for the "can interoperate" checkbox > then that list should contain only CRAM-MD5. I'm firmly against > mandating code bloat and complexity solely for political reasons.
I can go with this too. > And really, *requiring* that something like a very lightweight > "check-for-new-mail" type client implement TLS when it will never be > used (by the target market for the client) is just silly. Well, at least here at UW, such clients are useless unless they implement either TLS or Kerberos. Passwords at UW are not stored in a CRAM-MD5 (or, for that matter, DIGEST-MD5) ameniable form. It's a bit premature to talk much about it, but we're working on the new mail notification problem here at UW, using "push" type notifications. The basic idea is that MDAs spam a daemon with delivery information as an event. That daemon, in turn, passes on the event to any clients which have registered for that event. I'd rather not go into further details; this is very much a work in progress and anything that I'd say now may be completely wrong when we have something to show the world.
