"Kurt D. Zeilenga" <Kurt@xxxxxxxxxxxx> writes:

> It is my recommendation that the mandatory-to-implement
> "strong" authentication mechanism for this protocol be either:
> DIGEST-MD5 (with a mandate that implementations
> support its data security layers)
> TLS+PLAIN (with a recommendation that PLAIN not
> be used when TLS is not in use).

I don't think recommending the DIGEST-MD5 security layers is a good idea. The integrity layer is hard coded to be HMAC-MD5, with keys derived using a home-grown key-derivation function based on MD5. Of the privacy layers, only des and 3des were mandatory to implement in RFC 2831, and both ciphers were dropped in RFC 2831bis, presumably because they were never implemented correctly nor successfully deployed. Either situation alone should be enough to avoid recommending its use for IETF protocols, in my opinion.

I believe the code complexity cost of DIGEST-MD5 generally outweighs the small advantages that DIGEST-MD5 may have, for the majority of users. This is why, in my perception, DIGEST-MD5 hasn't "taken off". The lack of cryptographic analysis and cryptographic flexibility doesn't improve the situation.

TLS+PLAIN seems like a fine recommendation, though.

Cheers,
Simon

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
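To make the "hard coded to HMAC-MD5 with an MD5-based KDF" point concrete, here is an added Python sketch of the DIGEST-MD5 integrity ("auth-int") layer as RFC 2831 section 2.3 describes it. It is not code from this thread or from any DIGEST-MD5 implementation; the username, realm, password, nonce and cnonce are constructed sample values, and the only primitives it can use are MD5 and HMAC-MD5 because the specification leaves nothing to negotiate. The receiving side checks the fixed message type, the expected sequence number (so a replayed packet is rejected) and compares the MAC in constant time.

```python
import hmac
import struct
from hashlib import md5

# Constructed sample handshake values (not from any real exchange); in a real
# session the nonce comes from the server, the cnonce from the client and the
# password from the user.
USERNAME = "chris"
REALM = "elwood.innosoft.com"
PASSWORD = "secret"
NONCE = "OA6MG9tEQGm2hh"
CNONCE = "OA6MHXh6VqTrRk"

# Fixed strings from RFC 2831 section 2.3.  The layer keys are MD5(H(A1) || magic),
# so neither the hash nor the key-derivation function can ever be swapped out.
KIC_MAGIC = b"Digest session key to client-to-server signing key magic constant"
KIS_MAGIC = b"Digest session key to server-to-client signing key magic constant"
MSG_TYPE = b"\x00\x01"  # 2-byte message type, fixed at 0x0001


def h_a1(username, realm, password, nonce, cnonce, authzid=None):
    """H(A1) per RFC 2831 section 2.1.2.1, returned as the raw 16-byte MD5 digest."""
    inner = md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 = inner + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += f":{authzid}".encode("utf-8")
    return md5(a1).digest()


def integrity_keys(ha1):
    """Derive the client-to-server (Kic) and server-to-client (Kis) integrity keys.

    Both are a single unsalted MD5 over H(A1) and a constant: this is the
    'home-grown' KDF the thread refers to.
    """
    kic = md5(ha1 + KIC_MAGIC).digest()
    kis = md5(ha1 + KIS_MAGIC).digest()
    return kic, kis


def seal(ki, seqnum, msg):
    """Wrap msg for the auth-int layer: msg || HMAC-MD5(Ki, SeqNum || msg)[0..9] || 0x0001 || SeqNum."""
    seq = struct.pack(">I", seqnum)           # 4-byte big-endian sequence number
    mac = hmac.new(ki, seq + msg, md5).digest()[:10]
    return msg + mac + MSG_TYPE + seq


def unseal(ki, expected_seqnum, wrapped):
    """Verify an auth-int packet; return the bare message on success, None on any failure."""
    if len(wrapped) < 16:
        return None
    msg, mac, msg_type, seq = wrapped[:-16], wrapped[-16:-6], wrapped[-6:-4], wrapped[-4:]
    if msg_type != MSG_TYPE or struct.unpack(">I", seq)[0] != expected_seqnum:
        return None                           # wrong layer version or out-of-order/replayed packet
    expected = hmac.new(ki, seq + msg, md5).digest()[:10]
    if not hmac.compare_digest(mac, expected):
        return None                           # MAC mismatch, checked in constant time
    return msg


def demo():
    """Seal one client message and show accept / tamper-reject / replay-reject outcomes."""
    ha1 = h_a1(USERNAME, REALM, PASSWORD, NONCE, CNONCE)
    kic, kis = integrity_keys(ha1)
    packet = seal(kic, 0, b"hello")
    return {
        "ok": unseal(kic, 0, packet),                       # genuine packet, seq 0
        "tampered": unseal(kic, 0, b"jello" + packet[5:]),  # payload altered, MAC kept
        "replayed": unseal(kic, 1, packet),                 # receiver already expects seq 1
        "kic_is_kis": kic == kis,                           # directional keys differ
    }


if __name__ == "__main__":
    print(demo())
```

Note that the direction-specific magic constants are the only thing separating Kic from Kis, and the truncated HMAC-MD5 tag with a fixed message type is the whole of the integrity protection; there is no field in which a deployment could announce a different MAC or KDF, which is the lack of cryptographic flexibility the message above objects to.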