At 01:36 PM 9/7/2006, John C Klensin wrote:
>Actually, that topic opens up one of the fundamental issues with
>our standards process ... one where better definition and clear
>community consensus is, IMO, needed. Measured by our documented
>criteria, 2195 exists in multiple independent implementations,
>has been widely deployed, and is considered useful by many of
>those who are using it.

In addition to security concerns, it must be stated that implementations of RFC 2195 suffer from interoperability problems due to its failure to specify a character set/encoding and normalization/preparation algorithm for the password string.

The WG decided it was better to document current implementations of CRAM-MD5 than to rework CRAM-MD5 to address these and other issues, and to do so on the Informational track.

If you have something new to add to the discussion of revision approach taken within the SASL WG, you (and others) are welcomed to comment on the SASL WG list. The document will be in WG Last Call soon.

-- Kurt, SASL WG co-chair
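The interoperability problem described in the message above, as an added example that is not part of the original e-mail: a client and a server that hold the same password but serialize it differently compute different CRAM-MD5 digests. The username, password, challenge and the three encodings compared are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed challenge, shown already base64-decoded (on the wire it is base64).
CHALLENGE = b"<12345.1157650560@mail.example.org>"


def cram_md5_response(username: str, key: bytes, challenge: bytes) -> bytes:
    """RFC 2195 response before base64: username, a space, hex HMAC-MD5 digest.

    The password bytes are the HMAC key. RFC 2195 does not say how a
    password string becomes bytes, so the caller has to pick.
    """
    digest = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return username.encode("utf-8") + b" " + digest.encode("ascii")


def password_encodings(password: str) -> dict:
    """Three plausible byte serializations of one password (assumed choices)."""
    nfc = unicodedata.normalize("NFC", password)
    nfd = unicodedata.normalize("NFD", password)
    return {
        "utf-8/NFC": nfc.encode("utf-8"),
        "utf-8/NFD": nfd.encode("utf-8"),
        "iso-8859-1": nfc.encode("latin-1"),
    }


def interop_matrix(password: str, username: str = "user",
                   challenge: bytes = CHALLENGE) -> dict:
    """Map (server encoding, client encoding) to whether login succeeds."""
    keys = password_encodings(password)
    matrix = {}
    for server_label, server_key in keys.items():
        expected = cram_md5_response(username, server_key, challenge)
        for client_label, client_key in keys.items():
            sent = cram_md5_response(username, client_key, challenge)
            matrix[(server_label, client_label)] = hmac.compare_digest(expected, sent)
    return matrix


if __name__ == "__main__":
    # "p\u00e4ssword" is a constructed password with one non-ASCII character.
    for pair, ok in interop_matrix("p\u00e4ssword").items():
        print(pair, "accepted" if ok else "rejected")
```

An ASCII-only password authenticates under every pairing, which is why this failure tends to surface only for users with non-ASCII passwords.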