Over the weekend I had a chance to reflect on this. I have changed my
mind and now believe that it would be nicer to avoid having to specify
and describe crypto negotiation in the mechanism.
That's exactly the right thing to do.
The primary reason is that both SASL and GSS-API are flexible protocols
in themselves and can negotiate between mechanisms of different
strengths. There is no strong need for SASL mechanisms or GSS-API
mechanisms to have crypto agility, as far as I can tell.
Further, the complexity in DIGEST-MD5 compared to CRAM-MD5 stems
(partially) from having to negotiate various things. The more we can
avoid having to negotiate, the simpler the wire protocol becomes. The
specification becomes less complex as well. The crypto negotiation is
not different from character set or security layer negotiations in this
aspect.
I agree, fully.