On Tue, 16 Aug 2005, Frank Ellermann wrote:
william(at)elan.net wrote:
CRAM-M5 and DIGEST-MD5 are not considered (no longer
considered) to be good authentication methods when used
across the Internet.
The default translation for such statements is "VeriSign
wants to sell its PKI", therefore I (try to) look for the
real reasons starting with an assumption of "commercial
interests by vendors of wannabe-better-than-KISS schemes".
Nobody said you have to use TLS with certificate provided by Verisign.
SMTP with TLS with self-signed certificate will do fine and much better
then CRAM-MD5 and this has nothing to do with optional X.509 PKI system
hierchical model and has everything to do with security provided by
using TLS protocol itself.
Yeah, I'm spoiled, bye, Frank
<http://purl.net/xyzzy/src/md5.cmd> (REXX MD5 stuff)
How about sha256.cmd?
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net