John C Klensin wrote:
> that topic opens up one of the fundamental issues with our
> standards process ... one where better definition and clear
> community consensus is, IMO, needed.

"Fundamental" and "consensus" sounds dangerous, see subject.

> 2195 exists in multiple independent implementations, has been
> widely deployed, and is considered useful by many of those
> who are using it.

Yes, easy to implement, better than PLAIN (outside of TLS).

> Current thinking in the security area is that it isn't much
> better than the use of clear-text passwords

Maybe they'll prove this in an understandable way, or offer it
as their opinion. I could also offer an opinion about 6 to 10
parameters of DIGEST-MD5, its RFC 2069 fallback under certain
(TBD) conditions, the proposed backslash canonicalization, etc.

> the requirements for Draft Standard don't require that we
> recommend the use of the protocol involved: "Draft" and "Not
> Recommended" are perfectly consistent.

Good, let's keep say STD 20 as is, all its about 57 lines. :-)