Internet Assigned Numbers Authority

Simple Authentication and Security Layer (SASL) Mechanisms

Last Updated
2022-03-16
Note
The Simple Authentication and Security Layer (SASL) [RFC4422] is a
method for adding authentication support to connection-based
protocols.  To use this specification, a protocol includes a command
for identifying and authenticating a user to a server and for
optionally negotiating a security layer for subsequent protocol
interactions.  The command has a required argument identifying a SASL
mechanism.

SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case letters, digits, hyphens, and/or
underscores.  SASL mechanism names must be registered with the IANA.
Procedures for registering new SASL mechanisms are described in
[RFC4422].

SASL mechanism names starting with "GS2-" are reserved for SASL
mechanisms which conform to [RFC5801]. 

Registration procedures for SASL mechanism names starting with 
"SCRAM-" are defined in [RFC7677].
    
Available Formats

XML

HTML

Plain text

Registries included below

SASL Mechanisms

Registration Procedure(s)
First Come First Served for mechanisms.
Expert Review with mailing list for family name registrations.
For names beginning with "GS2-", see RFC 5801. 
For names beginning with "SCRAM-", see RFC7677.

Expert(s)
Simon Josefsson
Reference
[RFC4422]
Note
SASL mechanisms are named by character strings from 1 to 20 
characters in length, consisting of ASCII uppercase letters, digits, 
hyphens, and/or underscores.
Available Formats

CSV
Mechanism Usage Reference Owner
9798-M-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-M-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-M-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato]
9798-U-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-U-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato]
9798-U-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato]
ANONYMOUS COMMON [RFC4505] [IESG]
CRAM-MD5 LIMITED [RFC2195] [IESG]
DIGEST-MD5 OBSOLETE [RFC6331] [IESG]
EAP-AES128 COMMON [RFC7055] [IESG]
EAP-AES128-PLUS COMMON [RFC7055] [IESG]
ECDH-X25519-CHALLENGE[1] LIMITED USE [https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c] [Simon_Ser]
ECDSA-NIST256P-CHALLENGE[1] LIMITED USE [https://github.com/kaniini/ecdsatool#mechanism-spec] [Simon_Ser]
EXTERNAL COMMON [RFC4422] [IESG]
GS2-* COMMON [RFC5801] [IESG]
GS2-KRB5 COMMON [RFC5801] [IESG]
GS2-KRB5-PLUS COMMON [RFC5801] [IESG]
GSS-SPNEGO LIMITED [Paul_Leach] [Paul_Leach]
GSSAPI COMMON [RFC4752] [IESG]
KERBEROS_V4 OBSOLETE [RFC2222] [IESG]
KERBEROS_V5 COMMON [Simon_Josefsson] [Simon_Josefsson]
LOGIN OBSOLETE [draft-murchison-sasl-login] [Kenneth_Murchison][Mark_R._Crispin]
NMAS_AUTHEN LIMITED [Mark_G._Gayman] [Mark_G._Gayman]
NMAS_LOGIN LIMITED [Mark_G._Gayman] [Mark_G._Gayman]
NMAS-SAMBA-AUTH LIMITED [Vince_Brimhall] [Vince_Brimhall]
NTLM LIMITED [Paul_Leach] [Paul_Leach]
OAUTH10A COMMON [RFC7628] [IESG]
OAUTHBEARER COMMON [RFC7628] [IESG]
OPENID20 COMMON [RFC6616] [IESG]
OTP COMMON [RFC2444] [IESG]
PLAIN COMMON [RFC4616] [IESG]
SAML20 COMMON [RFC6595] [IESG]
SCRAM-* COMMON [RFC7677] [IESG]
SECURID COMMON [RFC2808] [Magnus_Nystrom]
SKEY OBSOLETE [RFC2444] [IESG]
SPNEGO MUST NOT be used [RFC5801] [IESG]
SPNEGO-PLUS MUST NOT be used [RFC5801] [IESG]
SXOVER-PLUS COMMON [draft-vanrein-diameter-sasl-06] [Rick_van_Rein]
XOAUTH OBSOLETE [N/A] [IESG]
XOAUTH2 OBSOLETE [N/A] [IESG]

SASL SCRAM Family Mechanisms

Registration Procedure(s)
IETF Review with mailing list
Reference
[RFC7677]
Available Formats

CSV
Mechanism Usage Reference Minimum iteration-count Associated OID Owner
SCRAM-SHA-1 COMMON [RFC5802][RFC7677] 4096 1.3.6.1.5.5.14 [IESG]
SCRAM-SHA-1-PLUS COMMON [RFC5802][RFC7677] 4096 1.3.6.1.5.5.14 [IESG]
SCRAM-SHA-256 COMMON [RFC7677] 4096 1.3.6.1.5.5.18 [IESG]
SCRAM-SHA-256-PLUS COMMON [RFC7677] 4096 1.3.6.1.5.5.18 [IESG]

Contact Information

ID Name Contact URI Last Updated
[IESG] IESG mailto:iesg&ietf.org
[Kenneth_Murchison] Kenneth Murchison mailto:ken&oceana.com 2014-11-10
[Magnus_Nystrom] Magnus Nystrom mailto:magnus&rsasecurity.com
[Mark_G._Gayman] Mark G. Gayman mailto:mgayman&novell.com 2000-09
[Mark_R._Crispin] Mark R. Crispin mailto:MRC&CAC.Washington.EDU 2014-11-10
[Paul_Leach] Paul Leach mailto:paulle&microsoft.com 2000-06
[Rick_van_Rein] Rick van Rein mailto:rick&openfortress.nl 2022-03-16
[Robert_Zuccherato] Robert Zuccherato mailto:robert.zuccherato&entrust.com
[Simon_Josefsson] Simon Josefsson mailto:simon&josefsson.org 2004-01
[Simon_Ser] Simon Ser mailto:contact&emersion.fr 2021-07-21
[Vince_Brimhall] Vince Brimhall mailto:vbrimhall&novell.com 2004-04

Footnote

[1]
Note that this name does not conform to the length restriction in [RFC4422].