On Wed, 2007-08-15 at 12:36 -0700, Michael Shapiro wrote:
> Discussion of how to make this thing properly secured within the defined
> set of constraints is useful and productive, as long as it does not
> venture outside of those constraints into redefining the protocol
> or its clients.
Structuring the configuration interface such that a configured cram-md5
secret is never used as if it were a configured plaintext password falls
into this category; it does not change the wire protocol or require
changes to the clients, and permits sites to more reliably exclude
clients which don't do cram-md5.
rather than having a separate parameter specifying the protocols allowed
to be used with a single key it is cleaner to me to specify the cram-md5
secret and the plaintext password separately.
It might affect my views if I had a better idea of fraction of clients
out there which only do plaintext passwords. If nobody did cram-md5,
this would be irrelevant. If everyone did cram-md5, we wouldn't need to
support plaintext passwords. But is it 90-10, 50-50, or what?
- Bill
