[standards-jig] Refreshing the Thread: EDigest

Richard Dobson richard at dobson-i.net
Wed May 28 19:55:49 UTC 2003


Edigest seems fine to me now, its just an extra option for those that want
it, my only real beef was with the suggestion of depresiating standard
digest in favour of this, but as that is not going to be done now it all
seems fine to me.

Richard

----- Original Message ----- 
>From: "Dave Smith" <dizzyd at jabber.org>
To: <standards-jig at jabber.org>
Sent: Wednesday, May 28, 2003 3:31 PM
Subject: Re: [standards-jig] Refreshing the Thread: EDigest


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> On Wednesday, May 28, 2003, at 07:25 America/Denver, Tijl Houtbeckers
> wrote:
>
> > And what I meant is that it's possible to write an authentication
> > module that uses plaintext (so it's compatible with old clients) that
> > does not store passwords in plaintext, but uses the edigist store
> > instead. From a security point of view they are mutually exclusive in
> > most cases, but technically they are not. For digest this is ofcourse
> > not possible, since you must have stored the password in plaintext
> > somewhere.
>
> I follow you now. I'll be sure to add a note about this in the JEP.
>
> Diz
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (Darwin)
>
> iD8DBQE+1MhAYNE3chVHHsMRAqWxAJwIsT8kWwd2EypyFXrkjUBoQ/G0fQCfZuQG
> 58cGwHLh02ImQZzXNu6lek0=
> =1w+L
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig
>




More information about the Standards mailing list