cURL / Mailing Lists / curl-library / Single Mail



From: Tim Bannister <>
Date: Mon, 9 Jan 2012 19:35:13 +0000

This was a thread about DIGEST-MD5, but I'm going to goo off a bit at a tangent and ask for SCRAM authentication as per

From the RFC:
  “The DIGEST-MD5 [DIGESTHISTORIC] mechanism has proved to be too
   complex to implement and test, and thus has poor interoperability.
   The security layer is often not implemented, and almost never used;
   everyone uses TLS instead. For a more complete list of problems with
   DIGEST-MD5 that led to the creation of SCRAM, see DIGESTHISTORIC.”

SCRAM supports channel bindings and other modern SASL features. It's not used with HTTP but is useful for other protocols implemented within libcurl, including SMTP, POP and IMAP.

There are 2 open source implementations of SCRAM available: (LGPL) and

It's a sizeable undertaking… would anyone else who uses libcurl find this useful?

Tim Bannister –
List admin:
Received on 2012-01-09