David B Funk wrote: > On Wed, 29 May 2002, Mark Crispin wrote: > > > OK, this is helpful and may be the breakthrough that was needed. > > > > How about the following: > > > [big snip...] > > > > This matches current reality. > > I don't see SRP discussed anywhere. I feel more comfortable with > it than CRAM-MD5 because of the issue of storage of passwords on > the server. Is it too far out? > > In case you haven't heard of SRP, see: > <http://www-cs-students.stanford.edu/~tjw/srp/index.html> >
SRP is even less deployed than DIGEST-MD5 and the document is not stable. But this is not to discourage you to implement it in your client/server, if any ;-). Regards, Alexey Melnikov __________________________________________ R & D, ACI Worldwide/MessagingDirect Richmond, Surrey, UK Phone: +44 20 8332 4508 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __________________________________________