Mark Crispin wrote: > If the answer to both is "yes" (and I sure hope so!!!), then we need to > have some recommendations as to what should be implemented in addition to > the so-called "mandatory" ones. I would therefore recommend that clients > and servers SHOULD implement as many additional authentication mechanisms > as possible, with particular emphasis on: KERBEROS_V4, GSSAPI, CRAM-MD5, > DIGEST-MD5. I would also note that failure to implement any of these > mechanisms may result in loss of interoperability.
That would be acceptable to me. But I would rather not mention KERBEROS_V4, as GSSAPI made it obsolete. Also my preference in listing mechanisms would be: DIGEST-MD5, GSSAPI, CRAM-MD5. (I wish I have some statistics on usage of different mechanisms) Regards, Alexey Melnikov __________________________________________ R & D, ACI Worldwide/MessagingDirect Richmond, Surrey, UK Phone: +44 20 8332 4508 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __________________________________________
