Based on the comments to the WG over the past several days, I believe that authmeth should only reference DIGEST-MD5 in historical terms. The Simple Mechanism Security Considerations currently state:
"The name/password authentication mechanism of the simple Bind method discloses the password to the server, which is an inherent security risk. There are other mechanisms such as DIGEST-MD5 that do not disclose the password to the server."
I would like to replace this reference with DIGEST-MD5 with another mechanism (it does not need to be normative) that would not disclose the password to the server. Suggestions?
Thanks,
Roger