RFC 5804 says:
To ensure interoperability, both client and server implementations of
the ManageSieve protocol MUST implement the SCRAM-SHA-1 [SCRAM] SASL
mechanism, as well as [PLAIN] over [TLS].
How can this be a requirement, when SCRAM requires passwords to be
stored either as plaintext or in a special SCRAM format? Very few
existing installations would be able to easily start supporting SCRAM.
(Or is this just a tricky way of saying that server code must be able to
support it, but admins can choose if it's actually enabled?)
I don't think it's especially tricky. The text clearly says "implement" and
implement != use.
Ned
_______________________________________________
sieve mailing list
sieve(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/sieve