Bug 349857

Summary: No state-of-the-art SASL authentication method available
Product: [Applications] kmail2 Reporter: Steffen Lehmann <steffen>
Component: generalAssignee: kdepim bugs <pim-bugs-null>
Status: REPORTED ---    
Severity: wishlist CC: kde
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: All   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Steffen Lehmann 2015-07-03 09:02:07 UTC 
There is no state-of-the art SASL authentication method available in KMail. 
DIGEST-MD5 was moved to "historic" by RFC 6331 in year 2011.
And the MD5 hash algorithm must not be used for security purposes for years.
There is a powerful SCRAM authentication mechanism described in RFC 5802, but it is not supported by KMail.

Reproducible: Always

Steps to Reproduce:
1. Open the configure dialogue
2. configure an IMAP access
3. Try to select a powerful SASL authentication mechanism

Actual Results:  
No strong authentication mechanism selectable.

Expected Results:  
SCRAM-SHA1 is selectable as a SASL authentication mechanism

If it would help you, I can provide you with a test account on an IMAP- and Sieve server supporting SCRAM-SHA1.