> I therefore recommend to the group that we declare that: > . *the* solution is TLS+AUTH=PLAIN > . TLS+AUTH=PLAIN is mandatory to implement on both client and server > . the problem is solved > and abandon alternatives.
Okay, I'm not going to fight this particular battle. I do want to go on record as saying that IESG is going about this the wrong way by requiring things like TLS be added to every new application protocol when the solution already exists in the form of IPSEC. If TLS does become mandatory-to-implement for IMAP we're going to see an awful lot of "IMAP-like" mail servers and clients methinks. --lyndon