> begin quotation by Alexey Melnikov on 2002/5/31 10:15 -0600: > > > Having said that I would like to leave at least one non-plaintext SASL > > mechanism as mandatory to implement. So, what about > > > > Clients: MUST TLS+AUTH=PLAIN and DIGEST-MD5 > > Servers: MUST TLS+AUTH=PLAIN or DIGEST-MD5 > > > > What client implementors think? I don't feel that I have a moral ground to > > make a decision for client implementors, as I currently not writing one, > > although I used to a long time ago (and it had DIGEST-MD5 support ;-)). > > Don't you have the logic reversed for clients and servers?
Right. Ok, let me try one more time: I would be satisfied, if the document says: Both clients and servers MUST implement TLS+AUTH=PLAIN and SHOULD implement DIGEST-MD5. Regards, Alexey Melnikov __________________________________________ R & D, ACI Worldwide/MessagingDirect Richmond, Surrey, UK Phone: +44 20 8332 4508 Home Page: http://orthanc.ab.ca/mel I speak for myself only, not for my employer. __________________________________________
