Updated DIGEST-MD5 document (draft-ietf-sasl-rfc2831bis-10.txt)

[Alexey Melnikov <alexey.melnikov@xxxxxxxxx>]

Changes since draft-ietf-sasl-rfc2831bis-09.txt:

- Editorial changes:
 - ABNF cleanup
 - Replaced MD5(x) with H(x), as MD5() construct is not defined (thanks 
to Dave Cridland for pointing this out)
 - Reworded the text about authorization identity verification to be 
non normative (as it is a protocol matter).
 - Clarified that cnonce must be the same on reauthentication (this 
differs from HTTP Digest).
 - Cleanup list of changes since HTTP Digest and RFC 2831.
- Non editorial:
 - Replaced RC4 with AES-CTR as mandatory to implement.
 - Added qop and cipher to the new client/server nonce (with channel 
binding), so that they can be protected
 - Moved ABNF reference to the Normative References section.
 - Replaced the text about CBC mode attack with some general 
description of attacks on padding.
 - Added response-v2 option, i.e. client now generates two hashes, 
authentication succeed if the server can verify either one.
    (Thanks to Jeffrey Hutzelman regarding this change)
 - Cleaned up description of prep directive. Username/password 
preparation is now done on both the client and the server.

Open issues/todo:
 - Add some text why RC4 is no longer mandatory to implement (?)
 - Reference to the document describing channel binding for TLS needs 
to be corrected.
 - Backward compatibility with RFC 2831 needs to be clarified (.e.g. 
when charset directive is present and the prep directive is not)
 - Interaction between the new prep and the old charset directives 
needs to be clarified
 - The charset directive is kind of optional, but in practice it is 
not. Should it just be made mandatory?
 - Updated examples to match the new text

Despite the list of open issues I think the document is ready for the 
WGLC. In particular, I need more reviews (and opinions on the open 
issues from reviewers) in order to move forward with the document.

Regards,
Alexey