[BXXPwg] SUMMARY: Why to use DIGEST-MD5 in syslog-reliable
Sat, 16 Dec 2000 02:07:03 -0700
During the IETF SYSLOG session on Wednesday the question was raised why
DIGEST-MD5 is the suggested SASL in syslog-reliable document (and BEEP
I'll try to summarize why DIGEST-MD5 was chosen as mandatory to
implement by several protocols.
Better than CRAM-MD5, because:
  - Allows client to authenticate server (mutual authentication).
  - Has integrity and privacy protection layer (the majority of other
    mechanisms don't have that).
  - Uses message counters in hash calculation to prevent replay attack.
  - Authentication exchange includes authorization information.

Easier to deploy than GSSAPI (Kerberos, X.509) because it doesn't
require additional infrastructure (although it is not as secure as
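
The counter and mutual-authentication points in the list above, as an added example that is not part of the original message: it follows the RFC 2831 response-value formula for qop=auth without an authzid. The `Server` class, the account, the password and the `syslog/loghost.example.org` digest-uri are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _hexh(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_response(user, realm, password, nonce, cnonce, nc, digest_uri,
                    qop="auth", server_side=False):
    """RFC 2831 response-value; server_side=True yields the rspauth value."""
    a1 = (hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
          + f":{nonce}:{cnonce}".encode())
    # The client prefixes A2 with "AUTHENTICATE"; the server's rspauth omits it.
    a2 = ("" if server_side else "AUTHENTICATE") + ":" + digest_uri
    # The nonce count (8 hex digits) is part of the hashed data.
    data = f"{nonce}:{nc:08x}:{cnonce}:{qop}:{_hexh(a2.encode())}"
    return _hexh(f"{_hexh(a1)}:{data}".encode())

class Server:
    """Hypothetical verifier tracking one nonce and its expected count."""
    def __init__(self, realm, users, digest_uri):
        self.realm, self.users, self.digest_uri = realm, users, digest_uri
        self.nonce = secrets.token_hex(16)
        self.expected_nc = 1

    def verify(self, user, cnonce, nc, response):
        """Return rspauth on success, None on a bad digest or reused count."""
        if user not in self.users or nc != self.expected_nc:
            return None
        args = (user, self.realm, self.users[user], self.nonce, cnonce, nc,
                self.digest_uri)
        if not hmac.compare_digest(digest_response(*args), response):
            return None
        self.expected_nc += 1
        return digest_response(*args, server_side=True)

def demo():
    user, realm, pw = "collector01", "example.org", "constructed-secret"
    srv = Server(realm, {user: pw}, "syslog/loghost.example.org")
    cnonce = secrets.token_hex(16)
    args = (user, realm, pw, srv.nonce, cnonce, 1, srv.digest_uri)
    resp = digest_response(*args)
    rspauth = srv.verify(user, cnonce, 1, resp)
    # The client checks rspauth, so the server must also know the password.
    server_proved = rspauth == digest_response(*args, server_side=True)
    replay_rejected = srv.verify(user, cnonce, 1, resp) is None
    # Relabelling the captured response with the next count fails the hash.
    relabel_rejected = srv.verify(user, cnonce, 2, resp) is None
    return rspauth is not None, server_proved, replay_rejected, relabel_rejected

if __name__ == "__main__":
    print(demo())
```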