Mark Crispin wrote:
OK, I'm trying to digest all of this.
It seems clear to me that TLS+AUTH=PLAIN will be a solution, and will be
required of all IMAP server implementations. I have not seen any
objection to either TLS+AUTH=PLAIN is a solution or TLS+AUTH=PLAIN is
required of all server
Assuming that we set TLS+AUTH=PLAIN as the mandatory to implement
answer for IESG, I have two questions:
1) Can a compliant server implementation be built without TLS support?
In particular, UW's pre-built imapd binaries do *NOT* have TLS support
because our lawyers' interpretation of US
Mark Crispin wrote:
(2) Require implementation of DIGEST-MD5.
This is not as widely deployed
AFAIK it is completely undeployed in the IMAP world.
See http://www.sendmail.org/~ca/email/mel/SASL_ServerRef.html
and http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html
for a list of
begin quotation by Lyndon Nerenberg on 2002/5/30 11:06 -0600:
If the requirement is strictly for the can interoperate checkbox
then that list should contain only CRAM-MD5.
I'm generally opposed to including CRAM-MD5 as a mandatory to implement,
even as a SHOULD. While it's widely implemented
Are we talking about TLS on the IANA registerd port 993/TCP or are we
talking about STARTTLS over a potentially clear text port 143/TCP ?
Thank you for clarifying.
Randall
On Thu, 30 May 2002, Mark Crispin wrote:
: OK, I'm trying to digest all of this.
:
: It seems clear to me that
How do I get myself off of this list?
--
Jessica L. Blank, Systems Administrator Programmer
www.starchefs.com http://www.starchefs.com
9 East 19th St., 9th Floor / New York, NY 10003
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - (212) 477-9399 x116
Help Wanted. Help Found.
On Wed, 29 May 2002 12:35:17 -0700 (PDT), [EMAIL PROTECTED] wrote:
A specific protocol is another matter. The IESG's belief is that specific
protocols need to have one or more mandatory to implement SASL mechanisms.
Mandatory to implement doesn't mean mandatory to use. Just because you have
On Wed, 29 May 2002, Lawrence Greenfield wrote:
Our local site policy doesn't offer DIGEST-MD5---but
that isn't what we're talking about.
The point seems to be interoperability between compliant implementations.
A client which only implements DIGEST-MD5 is not able to talk to your
server.
I
On Wed, 29 May 2002, Mark Crispin wrote:
OK, this is helpful and may be the breakthrough that was needed.
How about the following:
[big snip...]
This matches current reality.
I don't see SRP discussed anywhere. I feel more comfortable with
it than CRAM-MD5 because of the issue of storage
