DIGEST-MD5 interop testing and comments

[Cyrus Daboo <daboo@xxxxxxxxxxxx>]

Hi folks,
At last weeks MailConnect 6 event hosted by the IMC in San Jose, we did
some DIGEST-MD5 interop testing with some client and server
implementations. Some question wrt to the current draft arose from this
and I'll list those below.

If anyone else is interested in interop testing of DIGEST-MD5 please
post to this list so that we can all do this. We (Cyrusoft
International) have a DIGEST-MD5 plugin for Mulberry (IMAP email
client) available now and want to test with whatever server
implementations are currently available.

Comments:

1) Section 2.1.2.1
The definition for A2 includes the 'digest-uri-value'. Does this have
to be present or can it be NULL? I'm assuming that if the client does
not send a 'digest-uri' as part of the digest-response (Section 2.1.2)
then the value in A2 should be NULL. This needs more explanation.

2) Section 2.1.3
The purpose of Step 3 seems to be missing. Why is it present?
Presumably so that the client can validate the server response. It
should be stated explicitly that the client should abort the
authentication if the wrong values are returned, i.e. the client must
calculate and compare the response-auth sent by the server.

3) Section 4: Example
The example does not include Step 3 or does it? Its also not clear to
me what happens after Step 3 - does the server immediately respond with
a tagged OK response or does it wait for something from the client,
since the client may reject step three? If the example does include
Step 3 then it would be the line immediately preceeding the a OK line,
in which case the example is not at all clear. Perhaps using the 'C:'
and 'S:' prefixes for each response would make things clearer.

--Cyrus Daboo