On Tue, 16 Aug 2005, Scott Kitterman wrote:
That is correct. CRAM-M5 and DIGEST-MD5 are not considered (no longer
considered) to be good authentication methods when used across the
Internet. However generally speaking they are good enough for use
on local LAN and within same corporate network (unless your corporate
network is so bad you're afraid of man-in-the-middle attacks on it,
but in that case you have much worse things to be worried about)
I suppose TLS would solve the problem, but then you might as well use Plain
or even Login. Right?
Correct. Using TLS with plain authentication is better then CRAM-MD5 with
no TLS.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net