Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC6331: Moving DIGEST-MD5 to Historic #390

Open
Neustradamus opened this issue Aug 1, 2022 · 3 comments
Open

RFC6331: Moving DIGEST-MD5 to Historic #390

Neustradamus opened this issue Aug 1, 2022 · 3 comments

Comments

@Neustradamus
Copy link

Dear @go-ldap team,

20 November 2008: CRAM-MD5 to Historic:

29 June 2017: CRAM-MD5 to Historic:

July 2011: RFC6331: Moving DIGEST-MD5 to Historic:

August 2021: RFC9051: Internet Message Access Protocol (IMAP) - Version 4rev2:
"Replaced DIGEST-MD5 SASL mechanism with SCRAM-SHA-256. DIGEST-MD5 was deprecated."

I add same about SCRAM-MD5.

There are now:

  • July 2010: RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM): SASL and GSS-API Mechanisms: https://tools.ietf.org/html/rfc5802 (SCRAM-SHA-1 and SCRAM-SHA-1-PLUS)
  • July 2010: RFC5803: Lightweight Directory Access Protocol (LDAP) Schema for Storing Salted: Challenge Response Authentication Mechanism (SCRAM) Secrets: https://tools.ietf.org/html/rfc5803
  • November 2015: RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication and Security Layer (SASL) Mechanisms: https://tools.ietf.org/html/rfc7677

Soon:

@johnweldon
Copy link
Member

Can you elaborate on what issue you are reporting? Based on your other tickets, I think you're asking "someone" to implement newer authentication mechanisms on the basis that DIGEST-MD5 is not considered secure by modern standards.

If so, can you clarify specifically what you're requesting in this issue, and how it differs from the other ticket you filed.

@james-d-elliott
Copy link
Contributor

@Neustradamus you never responded to the above question.

@Neustradamus
Copy link
Author

@johnweldon, @james-d-elliott: Sorry for the delay!

Yes, I request to add the new secure standards (SCRAM family) to replace the old unsecure DIGEST-MD5 :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants