curl-library

SCRAM SASL method

From: Tim Bannister <isoma_at_jellybaby.net>
Date: Mon, 9 Jan 2012 19:35:13 +0000

This was a thread about DIGEST-MD5, but I'm going to go off a bit at a tangent and ask for SCRAM authentication as per http://tools.ietf.org/html/rfc5802.

From the RFC:
  “The DIGEST-MD5 [DIGESTHISTORIC] mechanism has proved to be too
   complex to implement and test, and thus has poor interoperability.
   The security layer is often not implemented, and almost never used;
   everyone uses TLS instead. For a more complete list of problems with
   DIGEST-MD5 that led to the creation of SCRAM, see DIGESTHISTORIC.”

SCRAM supports channel bindings and other modern SASL features. It's not used with HTTP but is useful for other protocols implemented within libcurl, including SMTP, POP and IMAP.

There are 2 open source implementations of SCRAM available: http://www.gnu.org/software/gsasl/ (LGPL) and http://www.cyrussasl.org/

It's a sizeable undertaking… would anyone else who uses libcurl find this useful?

-- 
Tim Bannister – isoma_at_jellybaby.net
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2012-01-09