[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Peter Saint-Andre stpeter at stpeter.im
Tue Sep 11 15:28:48 UTC 2007


Dave Cridland wrote:
> On Tue Sep 11 11:55:35 2007, Jonathan Chayce Dickinson wrote:
>> Interesting because most clients used Digest-MD5, so what do we use now?
>> Cram-MD5? Or is there some other newfangled method out there?
>>
>>
> DIGEST-MD5 is still more secure than CRAM-MD5, and this won't change
> because of that draft. :-)

Back in August I emailed about this issue [1] with the IETF area
directors for applications and security, relevant WG chairs, and
interested others. The conclusion was that in rfc3920bis we would make
the following changes to the mandatory-to-implement technologies:

1. Remove DIGEST-MD5

2. Add TLS + SASL PLAIN

/psa

[1] http://mail.jabber.org/pipermail/standards/2007-August/016262.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070911/c082d17d/attachment.bin>


More information about the Standards mailing list