On Mon, 22 Apr 2002, Philip Hazel wrote:
> > > "Odhiambo G. Washington" wrote:
> > > Is it one of "de-facto" standards or listed in RFCs ?
>
> As far as I know, it is not an RFC thing. It is a M$ thing. I don't know
> if there is any public document that describes it.
It is very much a proprietary MS "standard". It started with the Microsoft
Network (MSN), and the only clients that support are Outlook and Outlook
Express. The way the MSN mail guys explained it to me, SPA is used
to authenticate users against a SQL Server backend. I believe the user ID
and password are both transmitted in encrypted form, but I don't know what
sort of encryption (XOR? ;-))
--
Juha Saarinen
