

Challenge-Response Systems

Protocol CRAM-MD5 (14) ([100]) is a classical challenge/response authentication extension for IMAP [49,126]: the server provides a random challenge and the client transmits an HMAC of the challenge using the shared key as the HMAC key.

Protocol CRAM-MD5 should provide Authentication, Secrecy and Replay Protection (G1,2,3,12).

Protocol APOP (15), defined in [127] as part of POP3, is a simple method of authentication using timestamps as nonces, which provides for both origin authentication and replay protection, but which does not involve sending a password in the clear over the network.

Protocol APOP should provide Authentication, Secrecy and Replay Protection (G1,2,3,12).
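The two exchanges described above, sketched from both sides as an added example (not part of the AVISPA deliverable). The message formats follow the published CRAM-MD5 and APOP specifications; the `Server` class, the host name and the credentials are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time

def cram_md5_response(user, secret, challenge_b64):
    """Client side of CRAM-MD5: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    mac = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode())

def apop_digest(secret, banner):
    """Client side of APOP: hex(MD5(banner timestamp || shared secret))."""
    return hashlib.md5((banner + secret).encode()).hexdigest()

class Server:
    """Issues one-time challenges and checks responses (illustrative, in-memory)."""
    def __init__(self, users, host="mail.example.org"):  # host is a constructed sample
        self.users, self.host, self.pending = users, host, set()

    def challenge(self):
        # Unpredictable part + timestamp, in the msg-id form both protocols use.
        c = f"<{secrets.token_hex(8)}.{int(time.time())}@{self.host}>"
        self.pending.add(c)
        return c

    def _consume(self, c):
        # A challenge is accepted once only: replay protection depends on this.
        if c not in self.pending:
            return False
        self.pending.remove(c)
        return True

    def check_cram(self, c, response_b64):
        if not self._consume(c):
            return False
        user, _, mac = base64.b64decode(response_b64).decode().rpartition(" ")
        secret = self.users.get(user, "")
        good = hmac.new(secret.encode(), c.encode(), hashlib.md5).hexdigest()
        # Constant-time comparison of the expected and received MAC.
        return user in self.users and hmac.compare_digest(good.encode(), mac.encode())

    def check_apop(self, c, user, digest):
        if not self._consume(c):
            return False
        good = apop_digest(self.users.get(user, ""), c)
        return user in self.users and hmac.compare_digest(good.encode(), digest.encode())

def demo():
    srv = Server({"alice": "correct horse"})  # constructed credentials
    c1, c2 = srv.challenge(), srv.challenge()
    resp = cram_md5_response("alice", "correct horse", base64.b64encode(c1.encode()))
    return (srv.check_cram(c1, resp), srv.check_cram(c1, resp),  # second use is a replay
            srv.check_apop(c2, "alice", apop_digest("correct horse", c2)))
```

In both protocols the password itself never crosses the wire, and a captured response is useless once its challenge has been consumed.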

Protocol ACAP [132] is very close to [100] and is thus not included in our list.

Protocol HTTP Digest [69] is actually part of the SIP security protocol considered in Section 4.3.

Protocol AKA is discussed in Section 6.1.

Protocol Kerberos is discussed in Section 4.19.

Protocol SIM, the predecessor of AKA, has evident security flaws (it does not provide mutual authentication). A more interesting (and more complex) version is Protocol EAP-SIM, described in Section 4.13.


AVISPA Project -- Deliverable 6.1 'List of Selected Problems'