## SASLwg
Last Update: Apr 14, 2008
Color legend: RFC Editor Queue / Processed by IESG / ID Exists / Recently Expired

Each I-D name is a link to an I-D description, which points to a text version, a two-page and fit-in-window PDF version, as well as the IETF Tools' HTML version.

The charter of the SASL working group is reported below.

The Simple Authentication and Security Layer [RFC2222] provides key
security services to a number of application protocols including BEEP,
IMAP, LDAP, POP, and SMTP. The purpose of this working group is to
shepherd SASL, including select SASL mechanisms, through the Internet
Standards process.

This group will deliver a revised SASL Technical Specification
suitable for consideration as a Draft Standard. This work will be
based upon RFC 2222 and draft-myers-saslrev.

This group will deliver revised Technical Specifications suitable for
consideration as Draft Standards for the following SASL mechanisms:
ANONYMOUS, PLAIN, CRAM-MD5, DIGEST-MD5, and EXTERNAL. This work will
be based upon RFC 2195, RFC 2222, RFC 2831, draft-zeilenga-sasl-anon,
draft-zeilenga-sasl-plain, draft-nerenberg-sasl-crammd5 and
draft-melnikov-rfc2831bis, and draft-myers-saslrev-xx.txt.

This group will deliver a revised Technical Specification suitable for
publication as Proposed Standard for the GSSAPI family of SASL
mechanisms. This work will be based upon RFC 2222 and
draft-ietf-cat-sasl-gssapi.

The following areas are not within the scope of work of this WG:

- new features,
- SASL Mechanisms not specifically mentioned above, and
- SASL "profiles".

However, the SASL WG is an acceptable forum for review of SASL-related
submissions produced by others as long as such review does not impede
progress on the WG objectives listed above.

RFC4013 02/2005 (6 p.)
K. Zeilenga
SASLprep: Stringprep Profile for User Names and Passwords

This document describes how to prepare Unicode strings representing
user names and passwords for comparison. The document defines the
"SASLprep" profile of the "stringprep" algorithm to be used for both
user names and passwords. This profile is intended to be used by
Simple Authentication and Security Layer (SASL) mechanisms (such as
PLAIN, CRAM-MD5, and DIGEST-MD5), as well as other protocols
exchanging simple user names and/or passwords.

Status: Proposed Standard

RFC4422 06/2006 (33 p.)
A. Melnikov, K. Zeilenga
Simple Authentication and Security Layer (SASL)

The Simple Authentication and Security Layer (SASL) is a framework
for providing authentication and data security services in
connection-oriented protocols via replaceable mechanisms. It
provides a structured interface between protocols and mechanisms.
The resulting framework allows new protocols to reuse existing
mechanisms and allows old protocols to make use of new mechanisms.
The framework also provides a protocol for securing subsequent
protocol exchanges within a data security layer.

This document describes how a SASL mechanism is structured, describes
how protocols include support for SASL, and defines the protocol for
carrying a data security layer over a connection. In addition, this
document defines one SASL mechanism, the EXTERNAL mechanism.

This document obsoletes RFC 2222.

Status: Proposed Standard

RFC4505 06/2006 (9 p.)
K. Zeilenga
Anonymous Simple Authentication and Security Layer (SASL) Mechanism

On the Internet, it is common practice to permit anonymous access to
various services. Traditionally, this has been done with a plain-text
password mechanism using "anonymous" as the user name and using
optional trace information, such as an email address, as the
password. As plain-text login commands are not permitted in new IETF
protocols, a new way to provide anonymous login is needed within the
context of the Simple Authentication and Security Layer (SASL)
framework.

Status: Proposed Standard

RFC4616 08/2006 (11 p.)
K. Zeilenga
The PLAIN Simple Authentication and Security Layer (SASL) Mechanism

This document defines a simple clear-text user/password Simple
Authentication and Security Layer (SASL) mechanism called the PLAIN
mechanism. The PLAIN mechanism is intended to be used, in
combination with data confidentiality services provided by a lower
layer, in protocols that lack a simple password authentication
command.

Status: Proposed Standard

RFC4752 11/2006 (10 p.)
A. Melnikov
The Kerberos V5 ("GSSAPI") Simple Authentication and Security Layer (SASL) Mechanism

The Simple Authentication and Security Layer (SASL) is a framework
for adding authentication support to connection-based protocols.
This document describes the method for using the Generic Security
Service Application Program Interface (GSS-API) Kerberos V5 in the
SASL.

This document replaces Section 7.2 of RFC 2222, the definition of the
"GSSAPI" SASL mechanism. This document, together with RFC 4422,
obsoletes RFC 2222.

Status: Proposed Standard

sasl-gs2-09
AD Evaluation:: Revised ID Needed (Dead)
Oct 9, 2007 (34 p.)
S. Josefsson
Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family

This document describes how to use a Generic Security Service
Application Program Interface (GSS-API) mechanism in the Simple
Authentication and Security Layer (SASL) framework. This is done by
defining a new SASL mechanism family, called GS2. This mechanism
family offers a number of improvements over the previous SASL/GSS-API
mechanism: it is more general, uses fewer messages for the
authentication phase in some cases, and supports a SASL-specific
notion of channel binding.

Intended Status: Proposed Standard

melnikov-digest-to-historic-00
ID Exists
Sep 8, 2007 (7 p.)
A. Melnikov
Moving DIGEST-MD5 to Historic

This memo documents problems with the DIGEST-MD5 Simple
Authentication and Security Layer (SASL) mechanism, as specified in
RFC 2831. This document recommends DIGEST-MD5 to be marked as
OBSOLETE in the IANA Registry of SASL mechanisms and RFC 2831 to be
moved to Historic status.

Intended Status: Standards Track

zeilenga-sasl-yap-02
ID Exists
Nov 18, 2007 (8 p.)
K. Zeilenga
SASL Yet Another Password Mechanism

This document describes a password authentication mechanism, called
YAP-SHA-256, for use in protocols which support Simple Authentication
and Security Layer (SASL) framework. The mechanism relies on security
services provided by a lower layer, such as Transport Layer Security
(TLS), to protect the authentication exchange, and subsequent
application data exchange, from common attacks. The YAP-SHA-256
mechanism may be viewed as an alternative to other password-based SASL
mechanisms, such as PLAIN, CRAM-MD5, and DIGEST-MD5.

Intended Status: Experimental