John C Klensin wrote:

> that topic opens up one of the fundamental issues with our
> standards process ... one where better definition and clear
> community consensus is, IMO, needed.

"Fundamental" and "consensus" sounds dangerous, see subject.

> 2195 exists in multiple independent implementations, has been
> widely deployed, and is considered useful by many of those
> who are using it.

Yes, easy to implement, better than PLAIN (outside of TLS).

> Current thinking in the security area is that it isn't much
> better than the use of clear-text passwords

Maybe they'll prove this in an understandable way, or offer
it as their opinion. I could also offer an opinion about 6
to 10 parameters of DIGEST-MD5, its RFC 2069 fallback under
certain (TBD) conditions, the proposed backslash
canonicalization, etc.

> the requirements for Draft Standard don't require that we
> recommend the use of the protocol involved: "Draft" and "Not
> Recommended" are perfectly consistent.

Good, let's keep say STD 20 as is, all its about 57 lines. :-)

Frank

http://purl.net/xyzzy/home/test/cram.xml