Simple Authentication and Security Layer (SASL) Mechanisms

Last Updated

2015-11-02

Note

The Simple Authentication and Security Layer (SASL) [RFC4422] is a
method for adding authentication support to connection-based
protocols.  To use this specification, a protocol includes a command
for identifying and authenticating a user to a server and for
optionally negotiating a security layer for subsequent protocol
interactions.  The command has a required argument identifying a SASL
mechanism.

SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case letters, digits, hyphens, and/or
underscores.  SASL mechanism names must be registered with the IANA.
Procedures for registering new SASL mechanisms are described in
[RFC4422].

SASL mechanism names starting with "GS2-" are reserved for SASL
mechanisms which conform to [RFC5801]. 

Registration procedures for SASL mechanism names starting with 
"SCRAM-" are defined in [RFC7677].

Available Formats

XML

HTML

Plain text

Registries included below

SASL Mechanisms
SASL SCRAM Family Mechanisms

SASL Mechanisms

Registration Procedure(s)

First Come First Served for mechanisms.
Expert Review with mailing list for family name registrations.
For names beginning with "GS2-", see RFC 5801. 
For names beginning with "SCRAM-", see RFC7677.

Expert(s)

Simon Josefsson

Reference

[RFC4422]

Available Formats

CSV

Mechanism	Usage	Reference	Owner
9798-M-DSA-SHA1	COMMON	[RFC3163]	[Robert_Zuccherato]
9798-M-ECDSA-SHA1	COMMON	[RFC3163]	[Robert_Zuccherato]
9798-M-RSA-SHA1-ENC	COMMON	[RFC3163]	[Robert_Zuccherato]
9798-U-DSA-SHA1	COMMON	[RFC3163]	[Robert_Zuccherato]
9798-U-ECDSA-SHA1	COMMON	[RFC3163]	[Robert_Zuccherato]
9798-U-RSA-SHA1-ENC	COMMON	[RFC3163]	[Robert_Zuccherato]
ANONYMOUS	COMMON	[RFC4505]	[IESG]
CRAM-MD5	LIMITED	[RFC2195]	[IESG]
DIGEST-MD5	OBSOLETE	[RFC6331]	[IESG]
EAP-AES128	COMMON	[RFC7055]	[IESG]
EAP-AES128-PLUS	COMMON	[RFC7055]	[IESG]
EXTERNAL	COMMON	[RFC4422]	[IESG]
GS2-*	COMMON	[RFC5801]	[IESG]
GS2-KRB5	COMMON	[RFC5801]	[IESG]
GS2-KRB5-PLUS	COMMON	[RFC5801]	[IESG]
GSS-SPNEGO	LIMITED	[Paul_Leach]	[Paul_Leach]
GSSAPI	COMMON	[RFC4752]	[IESG]
KERBEROS_V4	OBSOLETE	[RFC2222]	[IESG]
KERBEROS_V5	COMMON	[Simon_Josefsson]	[Simon_Josefsson]
LOGIN	OBSOLETE	[draft-murchison-sasl-login]	[Kenneth_Murchison][Mark_R._Crispin]
NMAS_AUTHEN	LIMITED	[Mark_G._Gayman]	[Mark_G._Gayman]
NMAS_LOGIN	LIMITED	[Mark_G._Gayman]	[Mark_G._Gayman]
NMAS-SAMBA-AUTH	LIMITED	[Vince_Brimhall]	[Vince_Brimhall]
NTLM	LIMITED	[Paul_Leach]	[Paul_Leach]
OAUTH10A	COMMON	[RFC7628]	[IESG]
OAUTHBEARER	COMMON	[RFC7628]	[IESG]
OPENID20	COMMON	[RFC6616]	[IESG]
OTP	COMMON	[RFC2444]	[IESG]
PLAIN	COMMON	[RFC4616]	[IESG]
SAML20	COMMON	[RFC6595]	[IESG]
SCRAM-*	COMMON	[RFC7677]	[IESG]
SECURID	COMMON	[RFC2808]	[Magnus_Nystrom]
SKEY	OBSOLETE	[RFC2444]	[IESG]
SPNEGO	MUST NOT be used	[RFC5801]	[IESG]
SPNEGO-PLUS	MUST NOT be used	[RFC5801]	[IESG]
XOAUTH	OBSOLETE	[N/A]	[IESG]
XOAUTH2	OBSOLETE	[N/A]	[IESG]

SASL SCRAM Family Mechanisms

Registration Procedure(s)

IETF Review with mailing list

Reference

[RFC7677]

Available Formats

CSV

Mechanism	Usage	Reference	Minimum iteration-count	Associated OID	Owner
SCRAM-SHA-1	COMMON	[RFC5802][RFC7677]	4096	1.3.6.1.5.5.14	[IESG]
SCRAM-SHA-1-PLUS	COMMON	[RFC5802][RFC7677]	4096	1.3.6.1.5.5.14	[IESG]
SCRAM-SHA-256	COMMON	[RFC7677]	4096	1.3.6.1.5.5.18	[IESG]
SCRAM-SHA-256-PLUS	COMMON	[RFC7677]	4096	1.3.6.1.5.5.18	[IESG]

People

ID	Name	Contact URI	Last Updated
[IESG]	IESG	mailto:iesg&ietf.org
[Kenneth_Murchison]	Kenneth Murchison	mailto:ken&oceana.com	2014-11-10
[Magnus_Nystrom]	Magnus Nystrom	mailto:magnus&rsasecurity.com
[Mark_G._Gayman]	Mark G. Gayman	mailto:mgayman&novell.com	2000-09
[Mark_R._Crispin]	Mark R. Crispin	mailto:MRC&CAC.Washington.EDU	2014-11-10
[Paul_Leach]	Paul Leach	mailto:paulle&microsoft.com	2000-06
[Robert_Zuccherato]	Robert Zuccherato	mailto:robert.zuccherato&entrust.com
[Simon_Josefsson]	Simon Josefsson	mailto:simon&josefsson.org	2004-01
[Vince_Brimhall]	Vince Brimhall	mailto:vbrimhall&novell.com	2004-04