John C Klensin <john-ietf(_at_)jck(_dot_)com> writes:
> To that end, since CRAM-MD5 is very widely deployed, I'd like to
> see a much stronger justification for removing it than matters
> of taste.
Seconded.
In the programs I use, mostly centered around e-mail and SMTP/IMAP,
CRAM-MD5 is the normal non-plaintext mechanism. DIGEST-MD5 is rarely
available.
I believe document quality would be served better by mentioning both
CRAM-MD5 and DIGEST-MD5; that the former is currently more widely
implemented; that the latter is considered by some to be better; and that
both of them are better than plaintext passwords.
> On the other hand, if you and your colleagues have concluded
> that CRAM-MD5 is inherently dangerous or harmful, I think it is
> about time we see an RFC that documents the reasons for that
> conclusion, approved through a community consensus process, and
> containing recommendations for phasing CRAM-MD5 out, just as the
> IETF has previously recommended phasing out clear text passwords.
Seconded! Personally, I prefer CRAM-MD5 over DIGEST-MD5 in typical
e-mail scenarios. If you need a security layer, I recommend TLS
rather than the non-interoperable, under-specified, and poorly
analyzed DIGEST-MD5 security layer. Further, CRAM-MD5 is based on
HMAC-MD5, a cryptographic primitive that at least some real
cryptographers have opinions on. The keyed-MD5 scheme used in
DIGEST-MD5 is not a standard cryptographic primitive, as far as I
know.
Thanks,
Simon
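The point about CRAM-MD5 being plain HMAC-MD5 keyed with the shared secret is easy to check against RFC 2195's own worked exchange. The following is an added example, not code from the thread or from any mail software; it assumes the RFC 2195 sample user "tim", password "tanstaaftanstaaf" and challenge, and a hypothetical `lookup_password` callback on the server side.

```python
import base64
import hashlib
import hmac
import secrets


def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    """Client side of CRAM-MD5 (RFC 2195): HMAC-MD5 over the server's
    challenge, keyed with the shared secret, sent as lowercase hex."""
    digest = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def encode_for_wire(text: str) -> str:
    """SASL exchanges in IMAP/SMTP carry each message base64-encoded."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def verify_cram_md5(challenge: bytes, response_line: str, lookup_password) -> bool:
    """Server side: recompute the HMAC and compare in constant time.
    lookup_password(username) is a hypothetical callback returning the user's
    secret or None. The server needs the password itself (or HMAC-MD5's
    keyed inner/outer state), not a salted hash: that is the deployment
    trade-off of CRAM-MD5 that a defender should weigh."""
    try:
        username, digest = response_line.split(" ", 1)
    except ValueError:
        return False
    secret = lookup_password(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def make_challenge(hostname: str) -> bytes:
    """Fresh msg-id style challenge as in RFC 2195; the random part is what
    keeps a captured response from being replayed against a later login."""
    return f"<{secrets.randbits(64)}.{secrets.randbits(32)}@{hostname}>".encode("ascii")


# Constructed inputs matching the worked example in RFC 2195 section 2.
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC2195_USER = "tim"
RFC2195_PASSWORD = "tanstaaftanstaaf"

if __name__ == "__main__":
    resp = cram_md5_response(RFC2195_USER, RFC2195_PASSWORD, RFC2195_CHALLENGE)
    print(resp)                    # tim b913a602c7eda7a495b4e6e7334d3890
    print(encode_for_wire(resp))   # the client line from the RFC exchange
    store = {RFC2195_USER: RFC2195_PASSWORD}.get
    print(verify_cram_md5(RFC2195_CHALLENGE, resp, store))   # True
```

Note that the secret is the HMAC key and never travels on the wire, while the challenge binds each response to one login; that is exactly why TLS, rather than the DIGEST-MD5 security layer, is the natural way to add confidentiality on top.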