Keith Moore wrote:
The current document purports to be a candidate for BCP and yet it
recommends a practice which is clearly no longer appropriate.
clearly?
please provide a citation to any sort of official consensus statement
that
establishes this clarity.
you seem to be confusing two things - technical quality and community
consensus.
both are necessary conditions for approving the document. but they are
not the same thing.
or to put it another way -
a) it should be clear to you that CRAM-MD5 has known weaknesses that
would make it
unlikely to be suitable for BCP
b) it should also be clear to you that a BCP candidate that recommends
CRAM-MD5 is
unlikely to gain consensus
Keith
However, a BCP that states something like
CRAM-MD5 is widely deployed for this purpose but due to known weaknesses
[citations] is NOT RECOMMENDED. The RECOMMENDED alternatives are ...
might have a reasonable chance of gaining consensus.
Brian
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf