Simple Authentication and Security Layer (SASL) Mechanisms
2022-03-16
The Simple Authentication and Security Layer (SASL) is a
method for adding authentication support to connection-based
protocols. To use this specification, a protocol includes a command
for identifying and authenticating a user to a server and for
optionally negotiating a security layer for subsequent protocol
interactions. The command has a required argument identifying a SASL
mechanism.
SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case letters, digits, hyphens, and/or
underscores. SASL mechanism names must be registered with the IANA.
Procedures for registering new SASL mechanisms are described in
.
SASL mechanism names starting with "GS2-" are reserved for SASL
mechanisms which conform to .
Registration procedures for SASL mechanism names starting with
"SCRAM-" are defined in .
SASL Mechanisms
First Come First Served for mechanisms.
Expert Review with mailing list for family name registrations.
For names beginning with "GS2-", see RFC 5801.
For names beginning with "SCRAM-", see RFC7677.
Simon Josefsson
SASL mechanisms are named by character strings from 1 to 20
characters in length, consisting of ASCII uppercase letters, digits,
hyphens, and/or underscores.
9798-M-DSA-SHA1
COMMON
9798-M-ECDSA-SHA1
COMMON
9798-M-RSA-SHA1-ENC
COMMON
9798-U-DSA-SHA1
COMMON
9798-U-ECDSA-SHA1
COMMON
9798-U-RSA-SHA1-ENC
COMMON
ANONYMOUS
COMMON
CRAM-MD5
LIMITED
DIGEST-MD5
OBSOLETE
EAP-AES128
COMMON
EAP-AES128-PLUS
COMMON
ECDH-X25519-CHALLENGE
LIMITED USE
ECDSA-NIST256P-CHALLENGE
LIMITED USE
EXTERNAL
COMMON
GS2-*
COMMON
GS2-KRB5
COMMON
GS2-KRB5-PLUS
COMMON
GSS-SPNEGO
LIMITED
GSSAPI
COMMON
KERBEROS_V4
OBSOLETE
KERBEROS_V5
COMMON
LOGIN
OBSOLETE
NMAS_AUTHEN
LIMITED
NMAS_LOGIN
LIMITED
NMAS-SAMBA-AUTH
LIMITED
NTLM
LIMITED
OAUTH10A
COMMON
OAUTHBEARER
COMMON
OPENID20
COMMON
OTP
COMMON
PLAIN
COMMON
SAML20
COMMON
SCRAM-*
COMMON
SECURID
COMMON
SKEY
OBSOLETE
SPNEGO
MUST NOT be used
SPNEGO-PLUS
MUST NOT be used
SXOVER-PLUS
COMMON
XOAUTH
OBSOLETE
N/A
XOAUTH2
OBSOLETE
N/A
Note that this name does not conform to the length restriction in .
SASL SCRAM Family Mechanisms
IETF Review with mailing list
SCRAM-SHA-1
COMMON
4096
1.3.6.1.5.5.14
SCRAM-SHA-1-PLUS
COMMON
4096
1.3.6.1.5.5.14
SCRAM-SHA-256
COMMON
4096
1.3.6.1.5.5.18
SCRAM-SHA-256-PLUS
COMMON
4096
1.3.6.1.5.5.18
IESG
mailto:iesg&ietf.org
Kenneth Murchison
mailto:ken&oceana.com
2014-11-10
Magnus Nystrom
mailto:magnus&rsasecurity.com
Mark G. Gayman
mailto:mgayman&novell.com
2000-09
Mark R. Crispin
mailto:MRC&CAC.Washington.EDU
2014-11-10
Paul Leach
mailto:paulleµsoft.com
2000-06
Rick van Rein
mailto:rick&openfortress.nl
2022-03-16
Robert Zuccherato
mailto:robert.zuccherato&entrust.com
Simon Josefsson
mailto:simon&josefsson.org
2004-01
Simon Ser
mailto:contact&emersion.fr
2021-07-21
Vince Brimhall
mailto:vbrimhall&novell.com
2004-04