Hello

On Tue, Sep 11, 2007 at 10:00:52PM +0530, Mridul Muralidharan wrote:
> Ian Paterson wrote:
>> TLS + DIGEST-MD5 is stronger than TLS + SASL PLAIN
>
> In what way? On the wire there is no difference.
> If end to end there is TLS (from the client to the server), then there is
> not much difference between both.

No one knows when TLS will get broken, as many other encryption methods were before. This way you get one more security layer, and it gives you time. IMO clients (whenever possible) should be able to do both PLAIN and DIGEST-MD5. If you need a server that does not store the passwords in plain text, then you probably have to choose PLAIN. I'm against removing DIGEST-MD5, or at least, keep it as SHOULD, please.

--
There's the light at the end of the Windows.
  -- Havlik Denis

Michal 'vorner' Vaner