[Top] [All Lists]

Re: Requesting reviews: SMTP AUTH update, draft-siemborski-rfc2554bis-05.txt

2006-12-04 15:29:51

Alexey Melnikov wrote:

The draft is referencing <mailbox> from RFC 2821, not from 
RFC 2822!

That will do the trick.  It's a <Mailbox> there, checking, yes,
rule names are case insensitive.  In 2368 it's a 2822-<mailbox>.

Maybe copy what you need from the Wikipedia article.

Are you talking about CRAM-MD5/DIGEST-MD5 or ESMTPA? I was
talking about the latter here.

Me too.  I've never seen anything ESMTPA that's not CRAM-MD5
so far, but I also didn't try hard to find it.

I don't think CRAM-MD5 is a starter due to security concerns.

The only security difference I'm aware of is the <cnonce> if
DIGEST-MD5 is used for authentication.  If you know some
interoperable DIGEST-MD5 combo of MSA and MUA maybe submit
to the interop list, fresh ammo for the last call flamewar.

If you need a working DIGEST-MD5 example you can grab it from
NNTPAUTH (test:test).  What's the example password for rjs3 ?
I'm collecting most working MD5 examples published in RFCs :-)