On 3.10.2012, at 2.54, Florian Zeitz wrote:
> Am 03.10.2012 01:42, schrieb Timo Sirainen:
>> On 3.10.2012, at 0.05, Florian Zeitz wrote:
>>
>>> attached is an hg export on top of the current dovecot-2.2 branch, which
>>> adds support for a SCRAM-SHA-1 password scheme.
>>
>> Oh, and SCRAM-SHA1 or SCRAM-SHA-1? I'd think SCRAM-SHA1 as the scheme is now
>> called, but elsewhere in the code (including user-visible strings) it says
>> SCRAM-SHA-1.
>>
> Well, I usually prefer SCRAM-SHA-1, as that is how it is called in the
> RFC, and SHA-1 is the hash name registered with IANA [1].
> I did call the password scheme SCRAM-SHA1 to be consistent with other
> current password schemes. I'm not 100% sure which one to use, or whether
> a mix might even be the way to go ("correct" messages, but minimum user
> confusion for password schemes).
Hmm. Probably not worth it to have both SCRAM-SHA1 and SCRAM-SHA-1. And now I
see that the user-visible strings are about SCRAM-SHA-1 mechanism, not the
hash. So yeah, I guess the best way to avoid confusion is to call it
SCRAM-SHA-1 everywhere.
