Main copy is located here. It may contain newer information.

Base SASL documents

Description
Document Reference
Authors
SASL draft-ietf-sasl-rfc2222bis A. Melnikov <Alexey.Melnikov at isode.com>
SASLprep (Unicode username/password preparation for SASL) draft-ietf-sasl-saslprep Kurt D. Zeilenga <Kurt at OpenLDAP.org>
C draft-newman-sasl-c-api Chris Newman <chris.newman at sun.com>

A. Melnikov <Alexey.Melnikov at isode.com>


SASL mechanisms

SASL mechanism name
Description
Document Reference
Authors
       
ANONYMOUS Anonymous SASL Mechanism RFC 2245 Chris Newman <chris.newman at sun.com>
Updated by draft-ietf-sasl-anon Kurt D. Zeilenga <Kurt at OpenLDAP.org>
PLAIN Plain login mechanism (single step) RFC 2595 Chris Newman <chris.newman at sun.com>
Updated by draft-ietf-sasl-plain Kurt D. Zeilenga <Kurt at OpenLDAP.org>
LOGIN Plain login mechanism (two step)
draft-murchison-sasl-login
Kenneth Murchison <ken at oceana.com>

Mark Crispin <MRC at CAC.Washington.EDU>

       
CRAM-MD5 Challenge-Response Authentication Mechanism RFC 2195 John C. Klensin <klensin at mci.net>,

Randy Catoe <randy at mci.net>,

Paul Krumviede <paul at mci.net>

    Updated by draft-ietf-sasl-crammd5 Lyndon Nerenberg <lyndon at orthanc.ca>
OTP The One-Time-Password SASL Mechanism RFC 2444 Chris Newman <chris.newman at sun.com>
DIGEST-MD5 Digest Authentication as a SASL Mechanism RFC 2831 Paul Leach <paulle at microsoft.com>,

Chris Newman <chris.newman at sun.com>

Updated by draft-ietf-sasl-rfc2831bis Paul Leach <paulle at microsoft.com>,

Chris Newman <chris.newman at sun.com>

A. Melnikov <Alexey.Melnikov at isode.com>

GSSAPI

GSS-SPNEGO

SASL GSSAPI mechanisms:

GSSAPI is for Kerberos V5 GSSAPI

GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5

draft-ietf-sasl-gssapi

Updates GSSAPI definition in RFC 2222

John G. Myers <jgmyers at netscape.com>
KERBEROS_V4 Kerberos V4 RFC 2222 John G. Myers <jgmyers at netscape.com>
SKEY S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm. 

Obsoleted by OTP

RFC 2222 John G. Myers <jgmyers at netscape.com>
EXTERNAL Mechanism that verifies TLS/SSL, IPSec, PPP, ...) RFC 2222 John G. Myers <jgmyers at netscape.com>
Revision in draft-ietf-sasl-rfc2222bis A. Melnikov <Alexey.Melnikov at isode.com>
SECURID The SecurID(r) SASL Mechanism RFC 2808 Magnus Nystrom <magnus at rsa.com>,

John Brainard <jbrainard at rsa.com>

SRP
Secure Remote Password SASL Mechanism
draft-burdis-cat-srp-sasl K.R. Burdis <cskb at cs.ru.ac.za>,

R. Naffah <raif at forge.com.au>

9798-U-<algorithm>

9798-M-<algorithm>

ISO/IEC 9798-3 Authentication SASL Mechanism.
Mechanisms:
  • "9798-U-<algorithm>" for unilateral client authentication.
  • "9798-M-<algorithm>" for mutual authentication.
Currently defined <algorithm>s:
  • RSA-SHA1-ENC
  • DSA-SHA1
  • ECDSA-SHA1
RFC 3163 Robert Zuccherato <robert.zuccherato at entrust.com>

Magnus Nystrom <magnus at rsasecurity.com>

  Undocumented or expired documents    
NTLM Proprietary Microsoft authentication mechanism   Registered by Paul Leach <paulle at microsoft.com>
NMAS_LOGIN, NMAS_AUTHEN ?   Registered by Mark G. Gayman <mgayman at novell.com>
PASSDSS-3DES-1 DSS Secured Password Authentication Mechanism draft-newman-sasl-passdss-01.txt Chris Newman <chris.newman at sun.com>
SCRAM-MD5 Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-03.txt Chris Newman <chris.newman at sun.com>
X509-C-<algorithm>

X509-S-<algorithm>

X509-B-<algorithm>

X.509 Authentication SASL Mechanisms:
  • "X509-C-<algorithm>" for client authentication only  
  • "X509-S-<algorithm>" for server authentication only  
  • "X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication. 
draft-ietf-ldapext-x509-sasl Steve Kille <Steve.Kille at isode.com>
ROAMING-ELGAMAL ROAMING-ELGAMAL SASL Authentication Mechanism draft-overell-roaming-elgamal-sasl-00.txt P. Overell <paulo at turnpike.com>
SM2-<SASL-mechanism-name> SM2 -- A Session Management Capable SASL Mechanism draft-naffah-cat-sasl-sm2 David Taylor <dtaylor at forge.com.au>

Raif S. Naffah <raif at forge.com.au>


 
 
 

SASL profiles
Protocols
Document Reference
Authors
SMTP RFC 2554 John G. Myers <jgmyers at netscape.com>
Updated by draft-siemborski-rfc2554bis R. Siemborski <rjs3+ at andrew.cmu.edu>
POP3 RFC 1734 John G. Myers <jgmyers at netscape.com>
Updated by draft-siemborski-rfc1734bis R. Siemborski <rjs3+ at andrew.cmu.edu>
IMAP4 RFC 2060
(see AUTHENTICATE command)
M. Crispin <MRC at CAC.Washington.EDU>
Also draft-siemborski-imap-sasl-initial-response R. Siemborski <rjs3+ at andrew.cmu.edu>
ACAP RFC 2244 Chris Newman <chris.newman at sun.com>,
John G. Myers <jgmyers at netscape.com>
BEEP RFC 3080 Marshall T. Rose <mrose at invisible.net>
XMPP draft-ietf-xmpp-core Peter Saint-Andre<stpeter at jabber.org>
LDAP LDAPv3 (RFC 2251) Mark Wahl <M.Wahl at critical-angle.com>,
Tim Howes 
<howes at netscape.com>,
Steve Kille  <Steve.Kille at isode.com>
Authentication Methods for LDAP (RFC 2829) M. Wahl <M.Wahl at innosoft.com>
H. Alvestrand <Harald at Alvestrand.no>
J. Hodges <JHodges at oblix.com>
R. Morgan <rlmorgan at washington.edu>
Updated by LDAP: Authentication Methods and Connection Level Security Mechanisms R. Harrison <roger_harrison at novell.com>
NNTP Draft expired Chris Newman <chris.newman at sun.com>
Telnet Draft expired Chris Newman <chris.newman at sun.com>
HTTP draft-nystrom-http-sasl    Magnus Nystrom <magnus at rsasecurity.com>

   Alexey Melnikov <mel at isode.com>


 
 
 

SASL APIs

Language
Document Reference
Authors
C draft-newman-sasl-c-api Chris Newman <chris.newman at sun.com>

A. Melnikov <Alexey.Melnikov at isode.com>

Java draft-weltman-java-sasl John Myers <jgmyers at netscape.com>

Rob Weltman <rweltman at netscape.com>

Please, don't send general questions like "What is SASL?" to authors of SASL mechanism documents.
They are busy people.

If you want to add/update information, send the author an email

Table of contents for IETF standard related pages

List composed by Alexey Melnikov. Feel free to send him updates/additions/comments to this list.
Information published on this page is for developers use only. It is prohibited to use this information for commercial purposes.
There is no guaranty that information on this page is accurate and/or up-to-date.

Last updated 09 May 2004

Thank you to Claus Assmann <ca at sendmail.org> for hosting my technical pages

Thank you to all people who sent me updates