SASL related documents

Main copy is located here. It may contain newer information.

Base SASL documents

Description	Document Reference	Authors
SASL	draft-ietf-sasl-rfc2222bis	A. Melnikov <Alexey.Melnikov at isode.com>
SASLprep (Unicode username/password preparation for SASL)	draft-ietf-sasl-saslprep	Kurt D. Zeilenga <Kurt at OpenLDAP.org>
C	draft-newman-sasl-c-api	Chris Newman <chris.newman at sun.com> A. Melnikov <Alexey.Melnikov at isode.com>

SASL mechanisms

SASL mechanism name Description Document Reference Authors

ANONYMOUS Anonymous SASL Mechanism RFC 2245 Chris Newman <chris.newman at sun.com>

Updated by draft-ietf-sasl-anon Kurt D. Zeilenga <Kurt at OpenLDAP.org>

PLAIN Plain login mechanism (single step) RFC 2595 Chris Newman <chris.newman at sun.com>

Updated by draft-ietf-sasl-plain Kurt D. Zeilenga <Kurt at OpenLDAP.org>

LOGIN Plain login mechanism (two step) draft-murchison-sasl-login Kenneth Murchison <ken at oceana.com>
Mark Crispin <MRC at CAC.Washington.EDU>

CRAM-MD5 Challenge-Response Authentication Mechanism RFC 2195 John C. Klensin <klensin at mci.net>,
Randy Catoe <randy at mci.net>,
Paul Krumviede <paul at mci.net>

Updated by draft-ietf-sasl-crammd5 Lyndon Nerenberg <lyndon at orthanc.ca>

OTP The One-Time-Password SASL Mechanism RFC 2444 Chris Newman <chris.newman at sun.com>

DIGEST-MD5 Digest Authentication as a SASL Mechanism RFC 2831 Paul Leach <paulle at microsoft.com>,
Chris Newman <chris.newman at sun.com>

Updated by draft-ietf-sasl-rfc2831bis Paul Leach <paulle at microsoft.com>,
Chris Newman <chris.newman at sun.com>
A. Melnikov <Alexey.Melnikov at isode.com>

GSSAPI
GSS-SPNEGO
SASL GSSAPI mechanisms:
GSSAPI is for Kerberos V5 GSSAPI
GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5
draft-ietf-sasl-gssapi
Updates GSSAPI definition in RFC 2222
John G. Myers <jgmyers at netscape.com>

KERBEROS_V4 Kerberos V4 RFC 2222 John G. Myers <jgmyers at netscape.com>

SKEY S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm.
Obsoleted by OTP
RFC 2222 John G. Myers <jgmyers at netscape.com>

EXTERNAL Mechanism that verifies TLS/SSL, IPSec, PPP, ...) RFC 2222 John G. Myers <jgmyers at netscape.com>
Revision in draft-ietf-sasl-rfc2222bis A. Melnikov <Alexey.Melnikov at isode.com>

SECURID The SecurID(r) SASL Mechanism RFC 2808 Magnus Nystrom <magnus at rsa.com>,
John Brainard <jbrainard at rsa.com>

SRP
Secure Remote Password SASL Mechanism
draft-burdis-cat-srp-sasl K.R. Burdis <cskb at cs.ru.ac.za>,
R. Naffah <raif at forge.com.au>

9798-U-<algorithm>
9798-M-<algorithm>

ISO/IEC 9798-3 Authentication SASL Mechanism. Mechanisms:

"9798-U-<algorithm>" for unilateral client authentication.

"9798-M-<algorithm>" for mutual authentication.

Currently defined <algorithm>s:

RSA-SHA1-ENC

DSA-SHA1

ECDSA-SHA1

RFC 3163 Robert Zuccherato <robert.zuccherato at entrust.com>
Magnus Nystrom <magnus at rsasecurity.com>

Undocumented or expired documents

NTLM Proprietary Microsoft authentication mechanism Registered by Paul Leach <paulle at microsoft.com>

NMAS_LOGIN, NMAS_AUTHEN ? Registered by Mark G. Gayman <mgayman at novell.com>

PASSDSS-3DES-1 DSS Secured Password Authentication Mechanism draft-newman-sasl-passdss-01.txt Chris Newman <chris.newman at sun.com>

SCRAM-MD5 Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-03.txt Chris Newman <chris.newman at sun.com>

X509-C-<algorithm>
X509-S-<algorithm>
X509-B-<algorithm>
X.509 Authentication SASL Mechanisms:

"X509-C-<algorithm>" for client authentication only

"X509-S-<algorithm>" for server authentication only

"X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication.

draft-ietf-ldapext-x509-sasl Steve Kille <Steve.Kille at isode.com>

ROAMING-ELGAMAL ROAMING-ELGAMAL SASL Authentication Mechanism draft-overell-roaming-elgamal-sasl-00.txt P. Overell <paulo at turnpike.com>

SM2-<SASL-mechanism-name> SM2 -- A Session Management Capable SASL Mechanism draft-naffah-cat-sasl-sm2 David Taylor <dtaylor at forge.com.au>
Raif S. Naffah <raif at forge.com.au>

SASL profiles

Protocols	Document Reference	Authors
SMTP	RFC 2554	John G. Myers <jgmyers at netscape.com>
SMTP	Updated by draft-siemborski-rfc2554bis	R. Siemborski <rjs3+ at andrew.cmu.edu>
POP3	RFC 1734	John G. Myers <jgmyers at netscape.com>
POP3	Updated by draft-siemborski-rfc1734bis	R. Siemborski <rjs3+ at andrew.cmu.edu>
IMAP4	RFC 2060 (see AUTHENTICATE command)	M. Crispin <MRC at CAC.Washington.EDU>
IMAP4	Also draft-siemborski-imap-sasl-initial-response	R. Siemborski <rjs3+ at andrew.cmu.edu>
ACAP	RFC 2244	Chris Newman <chris.newman at sun.com>, John G. Myers <jgmyers at netscape.com>
BEEP	RFC 3080	Marshall T. Rose <mrose at invisible.net>
XMPP	draft-ietf-xmpp-core	Peter Saint-Andre<stpeter at jabber.org>
LDAP	LDAPv3 (RFC 2251)	Mark Wahl <M.Wahl at critical-angle.com>, Tim Howes <howes at netscape.com>, Steve Kille <Steve.Kille at isode.com>
	Authentication Methods for LDAP (RFC 2829)	M. Wahl <M.Wahl at innosoft.com> H. Alvestrand <Harald at Alvestrand.no> J. Hodges <JHodges at oblix.com> R. Morgan <rlmorgan at washington.edu>
	Updated by LDAP: Authentication Methods and Connection Level Security Mechanisms	R. Harrison <roger_harrison at novell.com>
NNTP	Draft expired	Chris Newman <chris.newman at sun.com>
Telnet	Draft expired	Chris Newman <chris.newman at sun.com>
HTTP	draft-nystrom-http-sasl	Magnus Nystrom <magnus at rsasecurity.com> Alexey Melnikov <mel at isode.com>

SASL APIs

Language	Document Reference	Authors
C	draft-newman-sasl-c-api	Chris Newman <chris.newman at sun.com> A. Melnikov <Alexey.Melnikov at isode.com>
Java	draft-weltman-java-sasl	John Myers <jgmyers at netscape.com> Rob Weltman <rweltman at netscape.com>

Please, don't send general questions like "What is SASL?" to authors of SASL mechanism documents.
They are busy people.

If you want to add/update information, send the author an email

Table of contents for IETF standard related pages

List composed by Alexey Melnikov. Feel free to send him updates/additions/comments to this list.
Information published on this page is for developers use only. It is prohibited to use this information for commercial purposes.
There is no guaranty that information on this page is accurate and/or up-to-date.

Last updated 09 May 2004

Thank you to Claus Assmann <ca at sendmail.org> for hosting my technical pages

Thank you to all people who sent me updates

SASL mechanism name	Description	Document Reference	Authors

*ANONYMOUS*	Anonymous SASL Mechanism	RFC 2245	Chris Newman <chris.newman at sun.com>
*ANONYMOUS*	Anonymous SASL Mechanism	Updated by draft-ietf-sasl-anon	Kurt D. Zeilenga <Kurt at OpenLDAP.org>
*PLAIN*	Plain login mechanism (single step)	RFC 2595	Chris Newman <chris.newman at sun.com>
*PLAIN*	Plain login mechanism (single step)	Updated by draft-ietf-sasl-plain	Kurt D. Zeilenga <Kurt at OpenLDAP.org>
*LOGIN*	Plain login mechanism (two step)	draft-murchison-sasl-login	Kenneth Murchison <ken at oceana.com> Mark Crispin <MRC at CAC.Washington.EDU>

*CRAM-MD5*	Challenge-Response Authentication Mechanism	RFC 2195	John C. Klensin <klensin at mci.net>, Randy Catoe <randy at mci.net>, Paul Krumviede <paul at mci.net>
		Updated by draft-ietf-sasl-crammd5	Lyndon Nerenberg <lyndon at orthanc.ca>
*OTP*	The One-Time-Password SASL Mechanism	RFC 2444	Chris Newman <chris.newman at sun.com>
*DIGEST-MD5*	Digest Authentication as a SASL Mechanism	RFC 2831	Paul Leach <paulle at microsoft.com>, Chris Newman <chris.newman at sun.com>
*DIGEST-MD5*	Digest Authentication as a SASL Mechanism	Updated by draft-ietf-sasl-rfc2831bis	Paul Leach <paulle at microsoft.com>, Chris Newman <chris.newman at sun.com> A. Melnikov <Alexey.Melnikov at isode.com>
*GSSAPI* *GSS-SPNEGO*	SASL GSSAPI mechanisms: GSSAPI is for Kerberos V5 GSSAPI GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5	draft-ietf-sasl-gssapi Updates GSSAPI definition in RFC 2222	John G. Myers <jgmyers at netscape.com>
*KERBEROS_V4*	Kerberos V4	RFC 2222	John G. Myers <jgmyers at netscape.com>
*SKEY*	S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm. Obsoleted by *OTP*	RFC 2222	John G. Myers <jgmyers at netscape.com>
*EXTERNAL*	Mechanism that verifies TLS/SSL, IPSec, PPP, ...)	RFC 2222	John G. Myers <jgmyers at netscape.com>
*EXTERNAL*	Mechanism that verifies TLS/SSL, IPSec, PPP, ...)	Revision in draft-ietf-sasl-rfc2222bis	A. Melnikov <Alexey.Melnikov at isode.com>
*SECURID*	The SecurID(r) SASL Mechanism	RFC 2808	Magnus Nystrom <magnus at rsa.com>, John Brainard <jbrainard at rsa.com>
*SRP*	Secure Remote Password SASL Mechanism	draft-burdis-cat-srp-sasl	K.R. Burdis <cskb at cs.ru.ac.za>, R. Naffah <raif at forge.com.au>
*9798-U-<algorithm>* *9798-M-<algorithm>*	ISO/IEC 9798-3 Authentication SASL Mechanism. Mechanisms: "9798-U-<algorithm>" for unilateral client authentication. "9798-M-<algorithm>" for mutual authentication. Currently defined <algorithm>s: RSA-SHA1-ENC DSA-SHA1 ECDSA-SHA1	RFC 3163	Robert Zuccherato <robert.zuccherato at entrust.com> Magnus Nystrom <magnus at rsasecurity.com>
	Undocumented or expired documents
NTLM	Proprietary Microsoft authentication mechanism		Registered by Paul Leach <paulle at microsoft.com>
NMAS_LOGIN, NMAS_AUTHEN	?		Registered by Mark G. Gayman <mgayman at novell.com>
*PASSDSS-3DES-1*	DSS Secured Password Authentication Mechanism	draft-newman-sasl-passdss-01.txt	Chris Newman <chris.newman at sun.com>
*SCRAM-MD5*	Salted Challenge Response Authentication Mechanism (SCRAM)	draft-newman-auth-scram-03.txt	Chris Newman <chris.newman at sun.com>
*X509-C-<algorithm>* *X509-S-<algorithm>* *X509-B-<algorithm>*	X.509 Authentication SASL Mechanisms: "X509-C-<algorithm>" for client authentication only "X509-S-<algorithm>" for server authentication only "X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication.	draft-ietf-ldapext-x509-sasl	Steve Kille <Steve.Kille at isode.com>
*ROAMING-ELGAMAL*	ROAMING-ELGAMAL SASL Authentication Mechanism	draft-overell-roaming-elgamal-sasl-00.txt	P. Overell <paulo at turnpike.com>
SM2-<SASL-mechanism-name>	SM2 -- A Session Management Capable SASL Mechanism	draft-naffah-cat-sasl-sm2	David Taylor <dtaylor at forge.com.au> Raif S. Naffah <raif at forge.com.au>