John C Klensin <john-ietf@xxxxxxx> writes:

> To that end, since CRAM-MD5 is very widely deployed, I'd like to
> see a much stronger justification for removing it than matters
> of taste.

Seconded.

In the programs I use, mostly centered around e-mail and SMTP/IMAP, CRAM-MD5 is the normal non-plaintext mechanism. DIGEST-MD5 is rarely available.

I believe document quality would be served better by mentioning both CRAM-MD5 and DIGEST-MD5; that the former is currently more widely implemented; that the latter is considered by some to be better; and that both of them are better than plaintext passwords.

> On the other hand, if you and your colleagues have concluded
> that CRAM-MD5 is inherently dangerous or harmful, I think it is
> about time we see an RFC that documents the reasons for that
> conclusion, approved through a community consensus process, and
> containing recommendations for phasing CRAM-MD5 out, just as the
> IETF has previously recommended phasing out clear text passwords.

Seconded!

Personally, I prefer CRAM-MD5 over DIGEST-MD5 in typical e-mail scenarios. If you need a security layer, I recommend TLS rather than the non-interoperable, under-specified, and poorly analyzed DIGEST-MD5 security layer.

Further, CRAM-MD5 is based on HMAC-MD5, a cryptographic primitive that at least some real cryptographers have opinions on. The keyed-MD5 scheme used in DIGEST-MD5 is not a standard cryptographic primitive, as far as I know.

Thanks,
Simon

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
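The point that CRAM-MD5 is just HMAC-MD5 keyed with the password over a server challenge (RFC 2195) can be seen in a complete exchange. The following is an added example, not code from the thread or from any of the implementations mentioned; the credential store and hostname are constructed for the demonstration, and the only real data is RFC 2195's own published test vector.

```python
import base64
import hashlib
import hmac
import os
import time


def cram_md5_digest(password: str, challenge: bytes) -> str:
    """The keyed step both sides compute: hex(HMAC-MD5(key=password, msg=challenge))."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def make_challenge(hostname: str = "mail.example.invalid") -> bytes:
    """Server: a fresh RFC 2195 challenge of the form '<random.timestamp@host>'.

    Uniqueness matters: a reused challenge would let a captured response be replayed."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(username: str, password: str, challenge_b64: str) -> str:
    """Client: decode the challenge, MAC it, and send base64('user ' + hexdigest)."""
    challenge = base64.b64decode(challenge_b64)
    return base64.b64encode(f"{username} {cram_md5_digest(password, challenge)}".encode()).decode()


def server_verify(response_b64: str, challenge: bytes, lookup_password) -> bool:
    """Server: recompute the MAC from the stored shared secret and compare in constant time."""
    try:
        username, digest = base64.b64decode(response_b64).decode().split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    password = lookup_password(username)  # the server needs the shared secret to recompute
    if password is None:
        return False
    return hmac.compare_digest(cram_md5_digest(password, challenge), digest)


# Constructed credential store for the demonstration (user/password as in RFC 2195's example).
USERS = {"tim": "tanstaaftanstaaf"}


def run_exchange(username: str, password: str) -> bool:
    """One full exchange as an IMAP or SMTP server and client would perform it."""
    challenge = make_challenge()
    challenge_b64 = base64.b64encode(challenge).decode()               # S: + <challenge>
    response_b64 = client_response(username, password, challenge_b64)  # C: <response>
    return server_verify(response_b64, challenge, USERS.get)


if __name__ == "__main__":
    print(run_exchange("tim", "tanstaaftanstaaf"))  # True
    print(run_exchange("tim", "not-the-password"))  # False
```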