On 3.10.2012, at 2.54, Florian Zeitz wrote:
Am 03.10.2012 01:42, schrieb Timo Sirainen:
On 3.10.2012, at 0.05, Florian Zeitz wrote:
attached is an hg export on top of the current dovecot-2.2 branch, which adds support for a SCRAM-SHA-1 password scheme.
Oh, and SCRAM-SHA1 or SCRAM-SHA-1? I'd think SCRAM-SHA1 as the scheme is now called, but elsewhere in the code (including user-visible strings) it says SCRAM-SHA-1.
Well, I usually prefer SCRAM-SHA-1, as that is how it is called in the RFC, and SHA-1 is the hash name registered with IANA [1]. I did call the password scheme SCRAM-SHA1 to be consistent with other current password schemes. I'm not 100% sure which one to use, or whether a mix might even be the way to go ("correct" messages, but minimum user confusion for password schemes).
Hmm. Probably not worth it to have both SCRAM-SHA1 and SCRAM-SHA-1. And now I see that the user-visible strings are about SCRAM-SHA-1 mechanism, not the hash. So yeah, I guess the best way to avoid confusion is to call it SCRAM-SHA-1 everywhere.