[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Michal 'vorner' Vaner vorner at ucw.cz
Tue Sep 11 16:51:07 UTC 2007


Hello

On Tue, Sep 11, 2007 at 10:00:52PM +0530, Mridul Muralidharan wrote:
> Ian Paterson wrote:
>> TLS + DIGEST-MD5 is stronger than TLS + SASL PLAIN
>
> In what way ? On the wire there is no difference.
> If end to end there is tls (from the client to the server), then there is 
> not much difference between both.

No-one knows, when TLS gets broken, like got many other encryption
methods before. This way you get one security layer more and gives you
time.

IMO clients (whenever possible) should be able to do both PLAIN and
DIGEST-MD5. If you need server that does not store the passwords
plain-text, then you have to choose PLAIN, probably.

I'm against removing DIGEST-MD5, or at last, keep it as SHOULD, please.

-- 
There's the light at the end of the the Windows.
   -- Havlik Denis

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20070911/fa793ba9/attachment.sig>


More information about the Standards mailing list