SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL) MECHANISMS ---------------------------------------------------------- (last updated 2010-01-14) The Simple Authentication and Security Layer (SASL) [RFC4422] is a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required argument identifying a SASL mechanism. SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores. SASL mechanism names must be registered with the IANA. Procedures for registering new SASL mechanisms are described in RFC4422. SASL mechanism names starting with "GS2-" are reserved for SASL mechanisms which conform to [RFC-ietf-sasl-gs2-20.txt]. Registration Procedures: First Come First Serve for Mechanisms Expert Review with Mailing List for Family Name Registrations MECHANISMS USAGE REFERENCE OWNER ---------- ----- --------- ----- KERBEROS_V4 OBSOLETE [RFC2222] IESG GSSAPI COMMON [RFC4752] IESG SKEY OBSOLETE [RFC2444] IESG EXTERNAL COMMON [RFC4422] IESG CRAM-MD5 LIMITED [RFC2195] IESG ANONYMOUS COMMON [RFC4505] IESG OTP COMMON [RFC2444] IESG GSS-SPNEGO LIMITED [Leach] Paul Leach PLAIN COMMON [RFC4616] IESG SECURID COMMON [RFC2808] Magnus Nystrom NTLM LIMITED [Leach] Paul Leach NMAS_LOGIN LIMITED [Gayman] Mark G. Gayman NMAS_AUTHEN LIMITED [Gayman] Mark G. Gayman DIGEST-MD5 COMMON [RFC2831] IESG 9798-U-RSA-SHA1-ENC COMMON [RFC3163] robert.zuccherato&entrust.com 9798-M-RSA-SHA1-ENC COMMON [RFC3163] robert.zuccherato&entrust.com 9798-U-DSA-SHA1 COMMON [RFC3163] robert.zuccherato&entrust.com 9798-M-DSA-SHA1 COMMON [RFC3163] robert.zuccherato&entrust.com 9798-U-ECDSA-SHA1 COMMON [RFC3163] robert.zuccherato&entrust.com 9798-M-ECDSA-SHA1 COMMON [RFC3163] robert.zuccherato&entrust.com KERBEROS_V5 COMMON [Josefsson] Simon Josefsson NMAS-SAMBA-AUTH LIMITED [Brimhall] Vince Brimhall SCRAM-* COMMON [RFC-ietf-sasl-scram-10.txt] IESG SCRAM-SHA-1 COMMON [RFC-ietf-sasl-scram-10.txt] IESG SCRAM-SHA-1-PLUS COMMON [RFC-ietf-sasl-scram-10.txt] IESG GS2-* COMMON [RFC-ietf-sasl-gs2-20.txt] IESG SPNEGO MUST NOT be used [RFC-ietf-sasl-gs2-20.txt] IESG SPNEGO-PLUS MUST NOT be used [RFC-ietf-sasl-gs2-20.txt] IESG References ---------- [RFC2195] Klensin, J., Catoe, R., Krumviede, P. "IMAP/POP AUTHorize Extension for Simple Challenge/Response", RFC 2195, MCI, September 1997. [RFC2222] J. Myers, "Simple Authentication and Security Layer (SASL)", RFC 2222, October 1997. [RFC2444] Newman, C., "The One-Time-Password SASL Mechanism", RFC 2444, October 1998. [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, Innosoft, June 1999. [RFC2808] Nystrom, M., "The SecurID(r) SASL Mechanism", RFC 2808, April 2000. [RFC2831] Leach, P. and C. Newman, "Using Digest Authentication as a SASL Mechanism", RFC 2831, May 2000. [RFC3163] R. Zuccherato and M. Nystrom, "ISO/IEC 9798-3 Authentication SASL Mechanism", RFC 3163, August 2001. [RFC4505] K. Zeilenga, Ed., "Anonymous Simple Authentication and Security Layer (SASL) Mechanism", RFC 4505, June 2006. [RFC4422] A. Melnikov and K. Zeilenga, "Simple Authentication and Security Layer (SASL)", RFC 4422, June 2006. [RFC4616] K. Zeilenga, "The PLAIN SASL Mechanism", RFC 4616, August 2006. [RFC4752] A. Melnikov, "The Kerberos V5 ("GSSAPI") SASL mechanisma", RFC 4752, November 2006. [RFC-ietf-sasl-scram-10.txt] A. Menon-Sen, A. Melnikov, C. Newman, N. Williams, "Salted Challenge Response (SCRAM) SASL and GSS-API Mechanism", RFC XXXX, Month Year. [RFC-ietf-sasl-gs2-20.txt] S. Josefsson, N. Williams, "Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family", RFC XXXX, Month Year. People ------ [Brimhall] Vince Brimhall, , April 2004. [Gayman] Mark G. Gayman, , September 2000. [Josefsson] Simon Josefsson, , January 2004. [Leach] Paul Leach, , December 1998, June 2000. []