ietf
[Top] [All Lists]

Re: Last Call: 'Email Submission Between Independent Networks' to BCP

2005-06-10 07:06:34
At 10:43 PM 6/9/2005, Frank Ellermann wrote:
And if they don't like CRAM-MD5 what they'll get is LOGIN or
PLAIN _without_ TLS, sigh. 

I disagree with this statement.  Today, many email client
and server supports TLS, and does so independently of what
SASL mechanisms they may or may not support.  I think most
users and administrators will enable that TLS support if a
plain text password mechanism is chosen.  And, if that's
the RECOMMENDED default, I doubt many users and administrators
will disable TLS without some considerations of th
security implications of their choice.

I think the best option for this protocol, given issues
raised by Simon regarding DIGEST-MD5, is TLS+PLAIN.

Kurt 


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf



<Prev in Thread] Current Thread [Next in Thread>