draft-ietf-sasl-rfc2222bis-02.txt   draft-ietf-sasl-rfc2222bis-03.txt 
Network Working Group A. Melnikov Network Working Group A. Melnikov
Internet Draft Editor Internet Draft Editor
Document: draft-ietf-sasl-rfc2222bis-02.txt August 2003 Document: draft-ietf-sasl-rfc2222bis-03.txt October 2003
Expires in six months Expires in six months
Simple Authentication and Security Layer (SASL) Simple Authentication and Security Layer (SASL)
Status of this Memo Status of this Memo
This document is an Internet Draft and is in full conformance with This document is an Internet Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC 2026.
Internet Drafts are working documents of the Internet Engineering Internet Drafts are working documents of the Internet Engineering
skipping to change at page 2, line ? skipping to change at page 2, line ?
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
A revised version of this draft document will be submitted to the RFC A revised version of this draft document will be submitted to the RFC
editor as a Draft Standard for the Internet Community. Discussion editor as a Draft Standard for the Internet Community. Discussion
and suggestions for improvement are requested. Distribution of this and suggestions for improvement are requested. Distribution of this
draft is unlimited. draft is unlimited.
Internet DRAFT SASL 19 August 2003 When published as an RFC this document will obsolete RFC 2222.
Internet DRAFT SASL 18 October 2003
1. Abstract 1. Abstract
SASL provides a method for adding authentication support with an The Simple Authentication and Security Layer (SASL) provides a method
optional security layer to connection-based protocols. It also for adding authentication support with an optional security layer to
describes a structure for authentication mechanisms. The result is connection-based protocols. It also describes a structure for
an abstraction layer between protocols and authentication mechanisms authentication mechanisms. The result is an abstraction layer
such that any SASL-compatible authentication mechanism can be used between protocols and authentication mechanisms such that any SASL-
with any SASL-compatible protocol. compatible authentication mechanism can be used with any SASL-
compatible protocol.
This document describes how a SASL authentication mechanism is This document describes how a SASL authentication mechanism is
structured, how a protocol adds support for SASL, defines the structured, describes how a protocol adds support for SASL, defines
protocol for carrying a security layer over a connection, and defines the protocol for carrying a security layer over a connection, and
the EXTERNAL SASL authentication mechanism. defines the EXTERNAL SASL authentication mechanism.
2. Organization of this document 2. Organization of this document
2.1. How to read this document 2.1. How to read this document
This document is written to serve two different audiences, protocol This document is written to serve two different audiences, protocol
designers using this specification to support authentication in their designers using this specification to support authentication in their
protocol, and implementors of clients or servers for those protocols protocol, and implementors of clients or servers for those protocols
using this specification. using this specification.
skipping to change at page 2, line ? skipping to change at page 2, line ?
2.2. Conventions used in this document 2.2. Conventions used in this document
In examples, "C:" and "S:" indicate lines sent by the client and In examples, "C:" and "S:" indicate lines sent by the client and
server respectively. server respectively.
The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
in this document are to be interpreted as defined in "Key words for in this document are to be interpreted as defined in "Key words for
use in RFCs to Indicate Requirement Levels" [KEYWORDS]. use in RFCs to Indicate Requirement Levels" [KEYWORDS].
Character names in this document use the notation for code points and
names from the Unicode Standard [Unicode]. For example, the letter
"a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
Internet DRAFT SASL 18 October 2003
3. Overview 3. Overview
The Simple Authentication and Security Layer (SASL) is a method for The Simple Authentication and Security Layer (SASL) is a method for
adding authentication support to connection-based protocols. adding authentication support to connection-based protocols.
The SASL specification has three layers, as indicated in the diagram The SASL specification has three layers, as indicated in the diagram
Internet DRAFT SASL 19 August 2003
below. At the top, a protocol definition using SASL specifies a below. At the top, a protocol definition using SASL specifies a
profile, including a command for identifying and authenticating a profile, including a command for identifying and authenticating a
user to a server and for optionally negotiating a security layer for user to a server and for optionally negotiating a security layer for
subsequent protocol interactions. At the bottom, a SASL mechanism subsequent protocol interactions. At the bottom, a SASL mechanism
definition specifies an authentication mechanism. The SASL definition specifies an authentication mechanism. The SASL
framework, specified by this document, constrains the behavior of framework, specified by this document, constrains the behavior of
protocol profiles and mechanisms, separating protocol from mechanism protocol profiles and mechanisms, separating protocol from mechanism
and defining how they interact. and defining how they interact.
SMTP Protocol LDAP Protocol Etc SMTP Protocol LDAP Protocol Etc
skipping to change at page 3, line 29 skipping to change at page 3, line 35
| // | //
SASL framework SASL framework
/ | \ / | \
/----- | -----\ /----- | -----\
EXTERNAL DIGEST-MD5 Etc EXTERNAL DIGEST-MD5 Etc
SASL mechanism SASL mechanism . . . SASL mechanism SASL mechanism . . .
This separation between the definition of protocols and the This separation between the definition of protocols and the
definition of authentication mechanisms is crucial. It permits an definition of authentication mechanisms is crucial. It permits an
authentication mechanism to be defined once, making it usable by any authentication mechanism to be defined once, making it usable by any
SASL protocol profiles. In many implementations, the same SASL SASL protocol profile. In many implementations, the same SASL
mechanism code is used for multiple protocols. mechanism code is used for multiple protocols.
4. Authentication mechanisms 4. Authentication mechanisms
SASL mechanisms are named by strings, from 1 to 20 characters in SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of upper-case letters, digits, hyphens, and/or length, consisting of upper-case ASCII [ASCII] letters, digits,
underscores. SASL mechanism names must be registered with the IANA. hyphens, and/or underscores. SASL mechanism names must be registered
IETF Standards Track documents may override this registration with the Internet Assigned Numbers Authority (IANA). IETF standards
requirement by reserving a portion of the SASL mechanism namespace track documents may direct the IANA to reserve a portion of the SASL
for their own use; the GSSAPI mechanism specification [SASL-GSSAPI] mechanism namespace and may specify different registration criteria
does this. Procedures for registering new SASL mechanisms are given for the reserved portion; the GSSAPI mechanism specification [SASL-
in the section "Registration procedures". GSSAPI] does this. Procedures for registering new SASL mechanisms are
given in the section 8.
The "sasl-mech" rule below defines the syntax of a SASL mechanism The "sasl-mech" rule below defines the syntax of a SASL mechanism
name. This uses the augmented Backus-Naur Form (BNF) notation as name. This uses the Augmented Backus-Naur Form (ABNF) notation as
specified in [ABNF] and the ABNF core rules as specified in Appendix specified in [ABNF] and the ABNF core rules as specified in Appendix
A of the ABNF specification [ABNF]. A of the ABNF specification [ABNF].
Internet DRAFT SASL 18 October 2003
sasl-mech = 1*20mech-char sasl-mech = 1*20mech-char
mech-char = %x41-5A / DIGIT / "-" / "_" mech-char = %x41-5A / DIGIT / "-" / "_"
; mech names restricted to uppercase letters, ; mech names restricted to uppercase ASCII letters,
; digits, "-" and "_" ; digits, "-" and "_"
Internet DRAFT SASL 19 August 2003
4.1. Authentication protocol exchange 4.1. Authentication protocol exchange
A SASL mechanism is responsible for conducting an authentication A SASL mechanism is responsible for conducting an authentication
protocol exchange. This consists of a series of server challenges protocol exchange. This consists of a series of server challenges
and client responses, the contents of which are specific to and and client responses, the contents of which are specific to and
defined by the mechanism. To the protocol, the challenges and defined by the mechanism. To the protocol, the challenges and
responses are opaque binary tokens of arbitrary length. The responses are opaque binary tokens of arbitrary length. The
protocol's profile then specifies how these binary tokens are then protocol's profile then specifies how these binary tokens are then
encoded for transfer over the connection. encoded for transfer over the connection.
After receiving an authentication command or any client response, a After receiving an authentication command or any client response, a
server mechanism may issue a challenge, indicate failure, or indicate server mechanism may issue a challenge, indicate failure, or indicate
completion. The server mechanism MAY return additional data with a completion. The server mechanism may return additional data with a
completion indication. The protocol's profile specifies how each of completion indication. The protocol's profile specifies how each of
these is then represented over the connection. these is then represented over the connection.
After receiving a challenge, a client mechanism may issue a response After receiving a challenge, a client mechanism may issue a response
or abort the exchange. The protocol's profile specifies how each of or abort the exchange. The protocol's profile specifies how each of
these is then represented over the connection. these is then represented over the connection.
During the authentication protocol exchange, the mechanism performs During the authentication protocol exchange, the mechanism performs
authentication, transmits an authorization identity (frequently known authentication, transmits an authorization identity (frequently known
as a userid) from the client to server, and negotiates the use of a as a userid) from the client to server, and negotiates the use of a
mechanism-specific security layer. If the use of a security layer is mechanism-specific security layer. If the use of a security layer is
agreed upon, then the mechanism must also define or negotiate the agreed upon, then the mechanism must also define or negotiate the
maximum security layer buffer size that each side is able to receive. maximum security layer buffer size that each side is able to receive.
4.2. Authorization identities and proxy authentication 4.2. Authorization identities and proxy authentication
An authorization identity is a string of zero or more ISO 10646 An authorization identity is a string of zero or more ISO 10646
[ISO-10646] coded characters. The NUL (U+0000) character is not [ISO-10646] coded characters. The NUL <U+0000> character is not
permitted in authorization identities. The meaning of an permitted in authorization identities. The meaning of an
authorization identity of the empty string (zero length) is defined authorization identity of the empty string (zero length) is defined
below in this section. The authorization identity is used by the below in this section. The authorization identity is used by the
server as the primary identity for making access policy decisions. server as the primary identity for making access policy decisions.
The character encoding scheme used for transmitting an authorization The character encoding scheme used (see [CHARSET-POLICY] for IETF
identity over protocol is specified in each authentication mechanism policy regarding character sets in IETF protocols) for transmitting
(with the authentication mechanism's blob being further an authorization identity over protocol is specified in each
restricted/encoded by the protocol profile). Per IETF character set authentication mechanism (with the authentication mechanism's data
policy [CHARSET-POLICY], authentication mechanisms SHOULD encode being further restricted/encoded by the protocol profile).
these and other strings in UTF-8 [UTF-8]. While some legacy Authentication mechanisms SHOULD encode these and other strings in
mechanisms are incapable of transmitting an authorization identity
other than the empty string, newly defined mechanisms are expected to
be capable of carrying the entire Unicode repertoire (with the
exception of the NUL character). An authorization identity of the
empty string and and an absent authorization identity MUST be treated
as equivalent. However, mechanisms SHOULD NOT allow both (i.e. if an
Internet DRAFT SASL 19 August 2003 Internet DRAFT SASL 18 October 2003
authorization identity is allowed to be absent, but one is UTF-8 [UTF-8]. While some legacy mechanisms are incapable of
transferred, it SHOULD NOT be an empty string). transmitting an authorization identity other than the empty string,
newly defined mechanisms are expected to be capable of carrying the
entire Unicode repertoire (with the exception of the NUL character).
An authorization identity of the empty string and an absent
authorization identity MUST be treated as equivalent. However,
mechanisms SHOULD NOT allow both. That is, a mechanism which provides
an optional field for an authorization identity, SHOULD NOT allow
that field, when present, to be empty.
The identity derived from the client's authentication credentials is The identity derived from the client's authentication credentials is
known as the "authentication identity". With any mechanism, known as the "authentication identity". With any mechanism,
transmitting an authorization identity of the empty string directs transmitting an authorization identity of the empty string directs
the server to derive an authorization identity from the client's the server to derive an authorization identity from the client's
authentication identity. authentication identity.
If the authorization identity transmitted during the authentication If the authorization identity transmitted during the authentication
protocol exchange is not the empty string, this is typically referred protocol exchange is not the empty string, this is typically referred
to as "proxy authentication". This feature permits agents such as to as "proxy authentication". This feature permits agents such as
skipping to change at page 5, line 31 skipping to change at page 5, line 38
proxying. proxying.
The server makes an implementation defined policy decision as to The server makes an implementation defined policy decision as to
whether the authentication identity is permitted to have the access whether the authentication identity is permitted to have the access
privileges of the authorization identity and whether the privileges of the authorization identity and whether the
authorization identity is permitted to receive service. If it is authorization identity is permitted to receive service. If it is
not, the server indicates failure of the authentication protocol not, the server indicates failure of the authentication protocol
exchange. exchange.
As a client might not have the same information as the server, As a client might not have the same information as the server,
clients SHOULD NOT themselves try to derive authorization identities clients SHOULD NOT derive authorization identities from
from authentication identities when clients could instead transmit an authentication identities. Instead, clients SHOULD provide no (or
authorization identity of the empty string. empty) authorization identity when the user has not provided an
authorization identity.
The server SHOULD verify the correctness of a received authorization The server MUST verify that a received authorization identity is in
identity. Profiles whose authorization identities are simple user the correct form. Profiles whose authorization identities are simple
names (e.g. IMAP [RFC 3501]) are encouraged to employ [SASLPrep] user names (e.g. IMAP [RFC 3501]) SHOULD use "SASLPrep" profile
profile [SASLPrep] of the "stringprep" algorithm [StringPrep] to [SASLPrep] of the "stringprep" algorithm [StringPrep] to prepare
prepare these names for matching. If the preparation of the these names for matching. The profiles MAY use a stringprep profile
that is more strict than "SASLPrep". If the preparation of the
authorization identity fails or results in an empty string, the authorization identity fails or results in an empty string, the
server MUST fail the authentication exchange. The only exception to server MUST fail the authentication exchange. The only exception to
this rule is when the received authorization identity is already the this rule is when the received authorization identity is already the
empty string. empty string.
Internet DRAFT SASL 18 October 2003
4.3. Security layers 4.3. Security layers
If use of a security layer is negotiated by the authentication If use of a security layer is negotiated by the authentication
protocol exchange, the security layer is applied to all subsequent protocol exchange, the security layer is applied to all subsequent
data sent over the connection. The security layer takes effect data sent over the connection (until another security layer or no
immediately following the last response of the authentication security layer is negotiated; see also section 6.3). The security
exchange for data sent by the client and the completion indication layer takes effect immediately following the last response of the
for data sent by the server. authentication exchange for data sent by the client and the
completion indication for data sent by the server.
Internet DRAFT SASL 19 August 2003
Once the security layer is in effect, the protocol stream is Once the security layer is in effect, the protocol stream is
processed by the security layer into buffers of security encoded processed by the security layer into buffers of security encoded
data. Each buffer of security encoded data is transferred over the data. Each buffer of security encoded data is transferred over the
connection as a stream of octets prepended with a four octet field in connection as a stream of octets prepended with a four octet field in
network byte order that represents the length of the following network byte order that represents the length of the following
buffer. The length of the security encoded data buffer MUST be no buffer. The length of the security encoded data buffer MUST be no
larger than the maximum size that was either defined in the mechanism larger than the maximum size that was either defined in the mechanism
specification or negotiated by the other side during the specification or negotiated by the other side during the
authentication protocol exchange. Upon the receipt of a data buffer authentication protocol exchange. Upon the receipt of a data buffer
which is larger than the defined/negotiated maximal buffer size, the which is larger than the defined/negotiated maximal buffer size, the
receiver SHOULD close the connection. This might be a sign of an receiver SHOULD close the connection. This might be a sign of an
attack or a buggy implementation. attack or a buggy implementation.
4.4. Character string issues 4.4. Character string issues
Per IETF character set policy [CHARSET-POLICY], authentication Authentication mechanisms SHOULD encode character strings in UTF-8
mechanisms SHOULD encode character strings in UTF-8 [UTF-8]. In [UTF-8] (see [CHARSET-POLICY] for IETF policy regarding character
order to avoid noninteroperability due to differing normalizations, sets in IETF protocols). In order to avoid noninteroperability due
when a mechanism specifies that a string authentication identity or to differing normalizations, when a mechanism specifies that a string
password used as input to a cryptographic function (or used for authentication identity or password used as input to a cryptographic
comparison) it SHOULD specify that the string first be prepared using function (or used for comparison) it SHOULD specify that the string
the "SASLPrep" profile [SASLPrep], of the "stringprep" algorithm first be prepared using the "SASLPrep" profile [SASLPrep] of the
[StringPrep]. This should be done by both the client (upon getting "stringprep" algorithm [StringPrep]. There are three entities that
user input or retrieving a value from configuration) and by the has to deal with this issue: a client (upon getting user input or
server (upon receiving the value from the client). If preparation retrieving a value from configuration), a server (upon receiving the
fails or results in an empty string, the client/server SHALL fail the value from the client) and a utility that is able to store
passwords/hashes in a database that can be later used by the server.
The preparation must be done by the client and the utility and may be
done by the server. If preparation fails or results in an empty
string, the entity doing the preparation SHALL fail the
authentication exchange. authentication exchange.
5. Protocol profile requirements 5. Protocol profile requirements
In order to use this specification, a protocol definition MUST supply In order to use this specification, a protocol definition MUST supply
the following information: the following information:
Internet DRAFT SASL 18 October 2003
A service name, to be selected from the IANA registry of "service" A service name, to be selected from the IANA registry of "service"
elements for the GSSAPI host-based service name form. [GSSAPI] This elements for the GSSAPI host-based service name form [GSSAPI]. This
service name is made available to the authentication mechanism. service name is made available to the authentication mechanism.
The registry is available at the URL The registry is available at the URL
"http://www.iana.org/assignments/gssapi-service-names" A definition <http://www.iana.org/assignments/gssapi-service-names>.
of the command to initiate the authentication protocol exchange.
This command must have as a parameter the name of the mechanism being A definition of the command to initiate the authentication protocol
selected by the client. exchange. This command must have as a parameter the name of the
mechanism being selected by the client.
The command SHOULD have an optional parameter giving an initial The command SHOULD have an optional parameter giving an initial
response. This optional parameter allows the client to avoid a round response. This optional parameter allows the client to avoid a round
trip when using a mechanism which is defined to have the client send trip when using a mechanism which is defined to have the client send
data first. When this initial response is sent by the client and the data first. When this initial response is sent by the client and the
Internet DRAFT SASL 19 August 2003
selected mechanism is defined to have the server start with an selected mechanism is defined to have the server start with an
initial challenge, the command fails. See section 6.1 of this initial challenge, the command fails. See section 6.1 of this
document for further information. document for further information.
A definition of the method by which the authentication protocol A definition of the method by which the authentication protocol
exchange is carried out, including how the challenges and responses exchange is carried out, including how the challenges and responses
are encoded, how the server indicates completion or failure of the are encoded, how the server indicates completion or failure of the
exchange, how the client aborts an exchange, and how the exchange exchange, how the client aborts an exchange, and how the exchange
method interacts with any line length limits in the protocol. method interacts with any line length limits in the protocol.
The command SHOULD have a method for the server to include an The exchange method SHOULD allow the server to include an optional
optional challenge with a success notification. This allows the data ("optional challenge") with a success notification. This allows
server to avoid a round trip when using a mechanism which is defined the server to avoid a round trip when using a mechanism which is
to have the server send additional data along with the indication of defined to have the server send additional data along with the
successful completion. See section 6.2 of this document for further indication of successful completion. See section 6.2 of this
information. document for further information.
In addition, a protocol profile SHOULD specify a mechanism through In addition, a protocol profile SHOULD specify a mechanism through
which a client may obtain the names of the SASL mechanisms available which a client may obtain the names of the SASL mechanisms available
to it. This is typically done through the protocol's extensions or to it. This is typically done through the protocol's extensions or
capabilities mechanism. capabilities mechanism.
Identification of the octet where any negotiated security layer Identification of the octet where any negotiated security layer
starts to take effect, in both directions. starts to take effect, in both directions.
Specify if the protocol supports "multiple authentications" (see
section 6.3).
If both TLS and SASL security layer are allowed to be negotiated by If both TLS and SASL security layer are allowed to be negotiated by
the protocol, the protocol profile MUST define in which order they the protocol, the protocol profile MUST define in which order they
are applied to a cleartext data sent over the connection. are applied to a cleartext data sent over the connection.
A protocol profile MAY further refine the definition of an A protocol profile MAY further refine the definition of an
Internet DRAFT SASL 18 October 2003
authorization identity by adding additional syntactic restrictions authorization identity by adding additional syntactic restrictions
and protocol-specific semantics. A protocol profile MUST specify the and protocol-specific semantics. A protocol profile MUST specify the
form of the authorization identity (as it is protocol specific, as form of the authorization identity (since it is protocol specific, as
opposed to the authentication identity which is mechanism specific) opposed to the authentication identity, which is mechanism specific)
and how authorization identities are to be compared. Profiles whose and how authorization identities are to be compared. Profiles whose
authorization identities are simple user names (e.g. IMAP [RFC 3501]) authorization identities are simple user names (e.g. IMAP [RFC 3501])
are encouraged to employ [SASLPrep] profile [SASLPrep] of the SHOULD use "SASLPrep" profile [SASLPrep] of the "stringprep"
"stringprep" algorithm [StringPrep] to prepare these names for algorithm [StringPrep] to prepare these names for matching. The
matching. profiles MAY use a stringprep profile that is more strict than
SASLPrep.
Certain SASL mechanisms, e.g. DIGEST-MD5 [SASL-DIGEST], use a concept
of realm. Conceptually, realm is the name of a collection of user's
accounts. Realms allow the protected resources on a server to be
partitioned into a set of protection spaces, each with its own
authentication mechanisms and/or authorization database. For example,
a proxy/frontend can use different realms for different
servers/backends it represents. The realm value is a case-
insensitive string, generally assigned by the origin server, which
Internet DRAFT SASL 19 August 2003
may have additional semantics specific to the authentication
mechanism.
A protocol profile SHOULD provide a guidance how realms are to be
constructed and used in the protocol and MAY further restrict its
syntax and protocol-specific semantics.
A protocol profile SHOULD NOT attempt to amend the definition of A protocol profile SHOULD NOT attempt to amend the definition of
mechanisms or make mechanism-specific encodings. This breaks the mechanisms or make mechanism-specific encodings. This breaks the
separation between protocol and mechanism that is fundamental to the separation between protocol and mechanism that is fundamental to the
design of SASL. design of SASL. Likewise, SASL mechanisms SHOULD be profile neutral.
6. Specific issues 6. Specific issues
6.1. Client sends data first 6.1. Client sends data first
Some mechanisms specify that the first data sent in the Some mechanisms specify that the first data sent in the
authentication protocol exchange is from the client to the server. authentication protocol exchange is from the client to the server.
If a protocol's profile permits the command which initiates an If a protocol's profile permits the command which initiates an
authentication protocol exchange to contain an initial client authentication protocol exchange to contain an initial client
skipping to change at page 8, line 52 skipping to change at page 9, line 5
exchange. This data would, for example, authenticate the server to exchange. This data would, for example, authenticate the server to
the client. the client.
If a protocol's profile does not permit this additional data to be If a protocol's profile does not permit this additional data to be
returned with a success indication, then the server issues the data returned with a success indication, then the server issues the data
as a server challenge, without an indication of successful as a server challenge, without an indication of successful
completion. The client then responds with no data. After receiving completion. The client then responds with no data. After receiving
this empty response, the server then indicates successful completion this empty response, the server then indicates successful completion
(with no additional data). (with no additional data).
Internet DRAFT SASL 18 October 2003
Client implementors should be aware of an additional failure case Client implementors should be aware of an additional failure case
that might occur when the profile supports sending the additional that might occur when the profile supports sending the additional
data with success. Imagine that an active attacker is trying to data with success. Imagine that an active attacker is trying to
impersonate the server and sends faked data, which should be used to
Internet DRAFT SASL 19 August 2003
impersonate the server and sends a faked data, that should be used to
authenticate the server to the client, with success. (A similar authenticate the server to the client, with success. (A similar
situation can happen when either the server and/or the client has a situation can happen when either the server and/or the client has a
bug and they calculate different responses). After checking the data bug and they calculate different responses.) After checking the data,
the client will think that the authentication exchange has failed, the client will think that the authentication exchange has failed,
however the server will think that the authentication exchange has however the server will think that the authentication exchange has
completed successfully. At this point the client can't abort the completed successfully. At this point the client can not abort the
authentication exchange, it SHOULD close the connection instead. authentication exchange, it SHOULD close the connection instead.
However, if the profile didn't support sending of additional data However, if the profile did not support sending of additional data
with success, the client could have aborted the exchange at the very with success, the client could have aborted the exchange at the very
last step of the authentication exchange. last step of the authentication exchange.
6.3. Multiple authentications 6.3. Multiple authentications
Unless otherwise stated by the protocol's profile, only one Unless otherwise stated by the protocol's profile, only one
successful SASL negotiation may occur in a protocol session. In this successful SASL negotiation may occur in a protocol session. In this
case, once an authentication protocol exchange has successfully case, once an authentication protocol exchange has successfully
completed, further attempts to initiate an authentication protocol completed, further attempts to initiate an authentication protocol
exchange fail. exchange fail.
In the case that a profile explicitly permits multiple successful If a profile explicitly permits multiple successful SASL negotiations
SASL negotiations to occur, then in no case may multiple security to occur, then in no case may multiple security layers be
layers be simultaneously in effect. If a security layer is in effect simultaneously in effect. If a security layer is in effect and a
and a subsequent SASL negotiation selects a second security layer, subsequent SASL negotiation selects a second security layer, then the
then the second security layer replaces the first. If a security second security layer replaces the first. If a security layer is in
layer is in effect and a subsequent SASL negotiation selects no effect and a subsequent SASL negotiation selects no security layer,
security layer, the original security layer must be removed. The next the original security layer MUST be removed. The next paragraphs
paragraph explains why this is important. explain why this is important.
Below the term "realm" has the meaning as defined in the section 5. Let's assume that the protected resources on a server are partitioned
A security layer that remains in effect when a client, which already into a set of protection spaces, each with its own authentication
has authenticated and established the security layer with "Realm A", mechanisms and/or authorization database. Let's use the term "realm"
authenticates to "Realm B", without negotiating a new security layer, to reference any such protected space. Conceptually, realm is a named
enables "Realm B" to make guesses about previously observed collection of user's accounts. For example, a proxy/frontend can use
ciphertext using the server's SASL engine as an oracle. "Realm B" may different realms for different servers/backends it represents.
observe how known cleartext is encrypted.
Internet DRAFT SASL 19 August 2003 Now consider the following scenario. A client has already
authenticated and established a security layer with "Realm A" which
is managed by the server AA. Now the same client authenticates to
"Realm B" (managed by the server BB) without negotiating a new
security layer, while the security layer negotiated with "Realm A"
remains in effect. The server BB is now able observe how known
cleartext is encrypted. This scenario enables the server BB to make
guesses about previously observed ciphertext between the client and
the server AA using the server's SASL engine as an oracle. This
Internet DRAFT SASL 18 October 2003
scenario is illustrated below:
Internet DRAFT SASL 18 October 2003
+---------+ +---------+ +---------+ +---------+
| | | | | | | |
| Realm B | | Realm A | | Realm B | | Realm A |
| | | | | | | |
+---------+ +---------+ +---------+ +---------+
| ^ | | ^ |
| : +-----------+ | | : +-----------+ |
Traffic from | : | Encryption| | Traffic from A Traffic from | : | Encryption| | Traffic from A
B to client +-------->| end point |<-------+ to client B to client +-------->| end point |<-------+ to client
skipping to change at page 10, line 49 skipping to change at page 11, line 49
authorization identity. The form of the authorization identity is authorization identity. The form of the authorization identity is
further restricted by the application-level protocol's SASL profile. further restricted by the application-level protocol's SASL profile.
The server uses information, external to SASL, to determine whether The server uses information, external to SASL, to determine whether
the client is authorized to authenticate as the authorization the client is authorized to authenticate as the authorization
identity. If the client is so authorized, the server indicates identity. If the client is so authorized, the server indicates
successful completion of the authentication exchange; otherwise the successful completion of the authentication exchange; otherwise the
server indicates failure. server indicates failure.
The system providing this external information may be, for example, The system providing this external information may be, for example,
IPsec or TLS. IPSec or TLS. However, the client can make no assumptions as to what
information the server can use in determining client authorization.
E.g., just because TLS was established, doesn't mean that the server
will use the information provided by TLS.
If the client sends the empty string as the authorization identity If the client sends the empty string as the authorization identity
(thus requesting the authorization identity be derived from the
client's authentication credentials), the authorization identity is
to be derived from authentication credentials which exist in the
Internet DRAFT SASL 19 August 2003 Internet DRAFT SASL 18 October 2003
system which is providing the external authentication. (thus requesting that the authorization identity be derived from the
client's authentication credentials), the authorization identity is
to be derived from authentication credentials which exist in the
system that is providing the external authentication.
7.1. Formal syntax 7.1. Formal syntax
The following syntax specification uses the augmented Backus-Naur The following syntax specification uses the augmented Backus-Naur
Form (BNF) notation as specified in [ABNF]. This uses the ABNF core Form (BNF) notation as specified in [ABNF]. This uses the ABNF core
rules as specified in Appendix A of the ABNF specification [ABNF]. rules as specified in Appendix A of the ABNF specification [ABNF].
Non-terminals referenced but not defined below are as defined by Non-terminals referenced but not defined below are as defined by
[UTF-8]. [UTF-8].
The "initial-response" rule below defines the initial response sent The "extern-init-resp" rule below defines the initial response sent
from client to server. from client to server.
initial-response = *( UTF8-char-no-null ) extern-init-resp = *( UTF8-char-no-nul )
UTF8-char-no-null = UTF8-1-no-null / UTF8-2 / UTF8-3 / UTF8-4 UTF8-char-no-nul = UTF8-1-no-nul / UTF8-2 / UTF8-3 / UTF8-4
UTF8-1-no-null = %x01-7F UTF8-1-no-nul = %x01-7F
7.2. Example 7.2. Example
The following is an example of an EXTERNAL authentication in the SMTP The following is an example of an EXTERNAL authentication in the SMTP
protocol [SMTP-AUTH]. In this example, the client is proxy protocol [SMTP]. In this example, the client is proxy
authenticating, sending the authorization id "fred". The server has authenticating, sending the authorization id "fred". The server has
determined the client's identity through IPsec and has a security determined the client's identity through IPsec and has a security
policy that permits that identity to proxy authenticate as any other policy that permits that identity to proxy authenticate as any other
identity. identity.
To the protocol profile, the four octet sequence "fred" is an opaque To the protocol profile, the four octet sequence "fred" is an opaque
binary blob. The SASL protocol profile for SMTP specifies that binary data. The SASL protocol profile for SMTP [SMTP-AUTH] specifies
server challenges and client responses are encoded in BASE64; the that server challenges and client responses are encoded in BASE64
BASE64 encoding of "fred" is "ZnJlZA==". [BASE64]; the BASE64 encoding of "fred" is "ZnJlZA==".
S: 220 smtp.example.com ESMTP server ready S: 220 smtp.example.com ESMTP server ready
C: EHLO jgm.example.com C: EHLO jgm.example.com
S: 250-smtp.example.com S: 250-smtp.example.com
S: 250 AUTH DIGEST-MD5 EXTERNAL S: 250 AUTH DIGEST-MD5 EXTERNAL
C: AUTH EXTERNAL ZnJlZA== C: AUTH EXTERNAL ZnJlZA==
S: 235 Authentication successful. S: 235 Authentication successful.
8. IANA Considerations 8. IANA Considerations
Registration of a SASL mechanism is done by filling in the template Internet DRAFT SASL 18 October 2003
in section 8.4 and sending it in to iana@iana.org. IANA has the
right to reject obviously bogus registrations, but will perform no
review of claims made in the registration form.
Internet DRAFT SASL 19 August 2003 8.1. Guidelines for IANA
It is requested that IANA updates the SASL mechanisms registry as
follows:
Change the "Intended usage" of the KERBEROS_V4 and SKEY mechanism
registrations to OBSOLETE. Change the "Published specification"
of the EXTERNAL mechanism to this document. Updated registration
is provided in Section 8.6.
8.2. Registration procedure
Registration of a SASL mechanism is done by filling in the template
in section 8.5 and sending it via electronic mail to <iana@iana.org>.
IANA has the right to reject obviously bogus registrations, but will
perform no review of claims made in the registration form. SASL
mechanism registrations are currently available at the URL
<http://www.iana.org/assignments/sasl-mechanisms>.
There is no naming convention for SASL mechanisms; any name that There is no naming convention for SASL mechanisms; any name that
conforms to the syntax of a SASL mechanism name can be registered. conforms to the syntax of a SASL mechanism name can be registered.
An IETF Standards Track document may reserve a portion of the SASL An IETF Standards Track document may reserve a portion of the SASL
mechanism namespace for its own use, amending the registration rules mechanism namespace ("family of SASL mechanisms") for its own use,
for that portion of the namespace. amending the registration rules for that portion of the namespace.
Each family of SASL mechanisms MUST be identified by a prefix.
While the registration procedures do not require it, authors of SASL While the registration procedures do not require it, authors of SASL
mechanisms are encouraged to seek community review and comment mechanisms are encouraged to seek community review and comment
whenever that is feasible. Authors may seek community review by whenever that is feasible. Authors may seek community review by
posting a specification of their proposed mechanism as an internet- posting a specification of their proposed mechanism as an Internet-
draft. SASL mechanisms intended for widespread use should be Draft. SASL mechanisms intended for widespread use should be
standardized through the normal IETF process, when appropriate. standardized through the normal IETF process, when appropriate.
8.1. Comments on SASL mechanism registrations 8.3. Comments on SASL mechanism registrations
Comments on registered SASL mechanisms should first be sent to the Comments on registered SASL mechanisms should first be sent to the
"owner" of the mechanism. Submitters of comments may, after a "owner" of the mechanism and/or to the SASL WG mailing list.
reasonable attempt to contact the owner, request IANA to attach their Submitters of comments may, after a reasonable attempt to contact the
comment to the SASL mechanism registration itself. If IANA approves owner, request IANA to attach their comment to the SASL mechanism
of this the comment will be made accessible in conjunction with the registration itself. If IANA approves of this, the comment will be
SASL mechanism registration itself. made accessible in conjunction with the SASL mechanism registration
itself.
8.2. Location of registered SASL mechanism list
SASL mechanism registrations are available at the URL Internet DRAFT SASL 18 October 2003
"http://www.iana.org/assignments/sasl-mechanisms" The SASL mechanism
description and other supporting material may also be published as an
Informational RFC by sending it to "rfc-editor@rfc-editor.org"
(please follow the instructions to RFC authors [RFC-INSTRUCTIONS]).
8.3. Change control 8.4. Change control
Once a SASL mechanism registration has been published by IANA, the Once a SASL mechanism registration has been published by IANA, the
author may request a change to its definition. The change request author may request a change to its definition. The change request
follows the same procedure as the registration request. follows the same procedure as the registration request.
The owner of a SASL mechanism may pass responsibility for the SASL The owner of a SASL mechanism may pass responsibility for the SASL
mechanism to another person or agency by informing IANA; this can be mechanism to another person or agency by informing IANA; this can be
done without discussion or review. done without discussion or review.
The IESG may reassign responsibility for a SASL mechanism. The most The IESG may reassign responsibility for a SASL mechanism. The most
common case of this will be to enable changes to be made to common case of this will be to enable changes to be made to
mechanisms where the author of the registration has died, moved out mechanisms where the author of the registration has died, moved out
of contact or is otherwise unable to make changes that are important of contact or is otherwise unable to make changes that are important
to the community. to the community.
SASL mechanism registrations may not be deleted; mechanisms which are SASL mechanism registrations may not be deleted; mechanisms which are
no longer believed appropriate for use can be declared OBSOLETE by a no longer believed appropriate for use can be declared OBSOLETE by a
Internet DRAFT SASL 19 August 2003
change to their "intended use" field; such SASL mechanisms will be change to their "intended use" field; such SASL mechanisms will be
clearly marked in the lists published by IANA. clearly marked in the lists published by IANA.
The IESG is considered to be the owner of all SASL mechanisms which The IESG is considered to be the owner of all SASL mechanisms which
are on the IETF standards track. are on the IETF standards track.
8.4. Registration template 8.5. Registration template
To: iana@isi.edu
Subject: Registration of SASL mechanism X Subject: Registration of SASL mechanism X
SASL mechanism name: Family of SASL mechanisms: (YES or NO)
SASL mechanism name (or prefix for the family):
Security considerations: Security considerations:
Published specification (optional, recommended): Published specification (optional, recommended):
Person & email address to contact for further information: Person & email address to contact for further information:
Intended usage: Intended usage:
(One of COMMON, LIMITED USE or OBSOLETE) (One of COMMON, LIMITED USE or OBSOLETE)
Owner/Change controller: Owner/Change controller:
(Any other information that the author deems interesting may be (Any other information that the author deems interesting may be
added below this line.) added below this line.)
8.5. The EXTERNAL mechanism registration Internet DRAFT SASL 18 October 2003
8.6. The EXTERNAL mechanism registration
It is requested that the SASL Mechanism registry [IANA-SASL] entry It is requested that the SASL Mechanism registry [IANA-SASL] entry
for the EXTERNAL mechanism be updated to reflect that this document for the EXTERNAL mechanism be updated to reflect that this document
now provides its technical specification. now provides its technical specification.
To: iana@iana.org
Subject: Updated Registration of SASL mechanism EXTERNAL Subject: Updated Registration of SASL mechanism EXTERNAL
Family of SASL mechanisms: NO
SASL mechanism name: EXTERNAL SASL mechanism name: EXTERNAL
Security considerations: See RFC XXXX, section 10. Security considerations: See RFC XXXX, section 9.
Published specification (optional, recommended): RFC XXXX Published specification (optional, recommended): RFC XXXX
Person & email address to contact for further information: Person & email address to contact for further information:
Alexey Melnikov <mel@isode.com> Alexey Melnikov <Alexey.Melnikov@isode.com>
Intended usage: COMMON Intended usage: COMMON
Internet DRAFT SASL 19 August 2003
Owner/Change controller: IESG <iesg@ietf.org> Owner/Change controller: IESG <iesg@ietf.org>
Note: Updates existing entry for EXTERNAL Note: Updates existing entry for EXTERNAL
9. References 9. Security considerations
9.1. Normative References
[ABNF] Crocker, Overell, "Augmented BNF for Syntax Specifications:
ABNF", RFC 2234, November 1997
[CHARSET-POLICY] Alvestrand, "IETF Policy on Character Sets and
Languages", RFC 2277, January 1998
[GSSAPI] Linn, "Generic Security Service Application Program
Interface, Version 2, Update 1", RFC 2743, January 2000
[ISO-10646] "Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane", ISO/IEC 10646-1 : 1993.
[KEYWORDS] Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997
[Stringprep] P. Hoffman, M. Blanchet, "Preparation of
Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[SASLPrep] Zeilenga, K., "SASLprep: Stringprep profile for user names
and passwords", Work in progress, draft-ietf-sasl-saslprep-XX.txt.
[UTF-8] Yergeau, "UTF-8, a transformation format of ISO 10646", work
in progress (draft-yergeau-rfc2279bis-XX) that replaces RFC 2279,
Janyary 1998
9.2. Informative References
<<Update the reference below>> [SASL-GSSAPI] Myers, "SASL GSSAPI
mechanisms", work in progress, draft-ietf-cat-sasl-gssapi-XX.txt,
September 2000
[SASL-DIGEST] Leach, P., Newman, C., Melnikov, A., "Using Digest
Authentication as a SASL Mechanism", work in progress, draft-ietf-
sasl-rfc2831bis-XX.txt, replaces RFC 2831
[SASL-OTP] Newman, "The One-Time-Password SASL Mechanism", RFC 2444,
October 1998
[SMTP-AUTH] Myers, "SMTP Service Extension for Authentication", RFC
2554, March 1999
Internet DRAFT SASL 19 August 2003
[RFC-INSTRUCTIONS] Postel, Reynolds, "Instructions to RFC Authors",
RFC 2223, October 1997
[IANA-SASL] IANA, "SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL)
MECHANISMS", http://www.iana.org/assignments/sasl-mechanisms.
10. Security considerations
Security issues are discussed throughout this memo. Security issues are discussed throughout this memo.
The mechanisms that support integrity protection are designed such The mechanisms that support integrity protection are designed such
that the negotiation of the security layer and authorization identity that the negotiation of the security layer and authorization identity
is integrity protected. When the client selects a security layer is integrity protected. When the client selects a security layer
with at least integrity protection, this protects against an active with at least integrity protection, this protects against an active
attacker hijacking the connection and modifying the authentication attacker hijacking the connection and modifying the authentication
exchange to negotiate a plaintext connection. exchange to negotiate a plaintext connection.
skipping to change at page 15, line 35 skipping to change at page 16, line 5
each of which has a different security strength, it is possible for each of which has a different security strength, it is possible for
an active attacker to cause a party to use the least secure mechanism an active attacker to cause a party to use the least secure mechanism
supported. To protect against this sort of attack, a client or supported. To protect against this sort of attack, a client or
server which supports mechanisms of different strengths should have a server which supports mechanisms of different strengths should have a
configurable minimum strength that it will use. It is not sufficient configurable minimum strength that it will use. It is not sufficient
for this minimum strength check to only be on the server, since an for this minimum strength check to only be on the server, since an
active attacker can change which mechanisms the client sees as being active attacker can change which mechanisms the client sees as being
supported, causing the client to send authentication credentials for supported, causing the client to send authentication credentials for
its weakest supported mechanism. its weakest supported mechanism.
Internet DRAFT SASL 18 October 2003
The client's selection of a SASL mechanism is done in the clear and The client's selection of a SASL mechanism is done in the clear and
may be modified by an active attacker. It is important for any new may be modified by an active attacker. It is important for any new
SASL mechanisms to be designed such that an active attacker cannot SASL mechanisms to be designed such that an active attacker cannot
obtain an authentication with weaker security properties by modifying obtain an authentication with weaker security properties by modifying
the SASL mechanism name and/or the challenges and responses. the SASL mechanism name and/or the challenges and responses.
Any protocol interactions prior to authentication are performed in Any protocol interactions prior to authentication are performed in
the clear and may be modified by an active attacker. In the case the clear and may be modified by an active attacker. In the case
where a client selects integrity protection, it is important that any where a client selects integrity protection, it is important that any
security-sensitive protocol negotiations be performed after security-sensitive protocol negotiations be performed after
authentication is complete. Protocols should be designed such that authentication is complete. Protocols should be designed such that
negotiations performed prior to authentication should be either negotiations performed prior to authentication should be either
ignored or revalidated once authentication is complete. ignored or revalidated once authentication is complete.
When use of a security layer is negotiated by the authentication When use of a security layer is negotiated by the authentication
protocol exchange, the receiver should handle gracefully any security protocol exchange, the receiver should handle gracefully any security
encoded data buffer larger than the defined/negotiated maximal size. encoded data buffer larger than the defined/negotiated maximal size.
In particular, it must not blindly allocate the amount of memory In particular, it must not blindly allocate the amount of memory
specified in the buffer size field, as this might cause the "out of specified in the buffer size field, as this might cause the "out of
memory" condition. If the receiver detects a large block, it SHOULD memory" condition. If the receiver detects a large block, it SHOULD
Internet DRAFT SASL 19 August 2003
close the connection. close the connection.
"stringprep" and Unicode security considerations apply to "stringprep" and Unicode security considerations apply to
authentication identities, authorization identities and passwords. authentication identities, authorization identities and passwords.
The EXTERNAL mechanism provides no security protection; it is The EXTERNAL mechanism provides no security protection; it is
vulnerable to spoofing by either client or server, active attack, and vulnerable to spoofing by either client or server, active attack, and
eavesdropping. It should only be used when external security eavesdropping. It should only be used when external security
mechanisms are present and have sufficient strength. mechanisms are present and have sufficient strength.
10. References
10.1. Normative References
[ABNF] Crocker, Overell, "Augmented BNF for Syntax Specifications:
ABNF", RFC 2234, November 1997
[ASCII] American National Standards Institute, "Code Extension
Techniques for Use with the 7-bit Coded Character Set of American
National Standard Code (ASCII) for Information Interchange", FIPS PUB
35, 1974
[CHARSET-POLICY] Alvestrand, "IETF Policy on Character Sets and
Languages", RFC 2277, January 1998
[GSSAPI] Linn, "Generic Security Service Application Program
Interface, Version 2, Update 1", RFC 2743, January 2000
Internet DRAFT SASL 18 October 2003
[ISO-10646] "Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane", ISO/IEC 10646-1 : 1993.
[KEYWORDS] Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997
[Unicode] The Unicode Consortium, "The Unicode Standard, Version
3.2.0" is defined by "The Unicode Standard, Version 3.0" (Reading,
MA, Addison-Wesley, 2000. ISBN 0-201-61633-5), as amended by the
"Unicode Standard Annex #27: Unicode 3.1"
(http://www.unicode.org/reports/tr27/) and by the "Unicode Standard
Annex #28: Unicode 3.2" (http://www.unicode.org/reports/tr28/).
[Stringprep] P. Hoffman, M. Blanchet, "Preparation of
Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[SASLPrep] Zeilenga, K., "SASLprep: Stringprep profile for user names
and passwords", Work in progress, draft-ietf-sasl-saslprep-XX.txt.
[UTF-8] Yergeau, "UTF-8, a transformation format of ISO 10646", work
in progress (draft-yergeau-rfc2279bis-XX) that replaces RFC 2279,
Janyary 1998
10.2. Informative References
<<Update the reference below>> [SASL-GSSAPI] Myers, J., "SASL GSSAPI
mechanisms", work in progress, draft-ietf-cat-sasl-gssapi-XX.txt,
September 2000
[SASL-DIGEST] Leach, P., Newman, C., Melnikov, A., "Using Digest
Authentication as a SASL Mechanism", work in progress, draft-ietf-
sasl-rfc2831bis-XX.txt, replaces RFC 2831
[SASL-OTP] Newman, C., "The One-Time-Password SASL Mechanism", RFC
2444, October 1998
[SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April
2001
[SMTP-AUTH] Myers, J., "SMTP Service Extension for Authentication",
RFC 2554, March 1999
[BASE64] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 3548, July 2003
[RFC-INSTRUCTIONS] Postel, Reynolds, "Instructions to RFC Authors",
RFC 2223, October 1997
Internet DRAFT SASL 18 October 2003
[IANA-SASL] IANA, "SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL)
MECHANISMS", http://www.iana.org/assignments/sasl-mechanisms.
11. Editor's Address 11. Editor's Address
Alexey Melnikov Alexey Melnikov
Isode Isode
Email: mel@isode.com Email: Alexey.Melnikov@isode.com
12. Acknowledgments 12. Acknowledgments
This document is a revision of RFC 2222 written by John G. Myers This document is a revision of RFC 2222 written by John G. Myers. He
<jgmyers@netscape.com>. He also wrote the major part of this also contributed significantly to this revision.
document.
Thank you to Magnus Nystrom for the ASCII picture used in section Magnus Nystrom provided the ASCII art used in Section 6.3.
6.3.
Definition of realm was extracted from RFC 2617 ("HTTP Definition of realm was extracted from RFC 2617 ("HTTP
Authentication: Basic and Digest Access Authentication"). Authentication: Basic and Digest Access Authentication").
Contributions of many members of the SASL mailing list are gratefully Contributions of many members of the SASL mailing list are gratefully
acknowledged. acknowledged, in particular Kurt D. Zeilenga, Peter Saint-Andre, Rob
Siemborski, Jeffrey Hutzelman and Hallvard B Furuseth for
proofreading the document and various editorial suggestions.
13. Full Copyright Statement 13. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
Internet DRAFT SASL 19 August 2003
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
Internet DRAFT SASL 18 October 2003
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
skipping to change at page 18, line 4 skipping to change at page 19, line 48
define SASL mechanisms based on these services would be a very messy define SASL mechanisms based on these services would be a very messy
task, as the framing of these services would be redundant with the task, as the framing of these services would be redundant with the
framing of SASL and some method of providing these important SASL framing of SASL and some method of providing these important SASL
features would have to be devised. features would have to be devised.
Sometimes it is desired to enable within an existing connection the Sometimes it is desired to enable within an existing connection the
use of a security service which does not fit the SASL model. (TLS is use of a security service which does not fit the SASL model. (TLS is
an example of such a service.) This can be done by adding a command, an example of such a service.) This can be done by adding a command,
for example "STARTTLS", to the protocol. Such a command is outside for example "STARTTLS", to the protocol. Such a command is outside
the scope of SASL, and should be different from the command which the scope of SASL, and should be different from the command which
Internet DRAFT SASL 19 August 2003
starts a SASL authentication protocol exchange. starts a SASL authentication protocol exchange.
In certain situations, it is reasonable to use SASL underneath one of In certain situations, it is reasonable to use SASL underneath one of
these Transport Security services. The transport service would these Transport Security services. The transport service would
secure the connection, either service would authenticate the client, secure the connection, either service would authenticate the client,
and SASL would negotiate the authorization identity. The SASL and SASL would negotiate the authorization identity. The SASL
negotiation would be what moves the protocol from "unauthenticated" negotiation would be what moves the protocol from "unauthenticated"
Internet DRAFT SASL 18 October 2003
to "authenticated" state. The "EXTERNAL" SASL mechanism is to "authenticated" state. The "EXTERNAL" SASL mechanism is
explicitly intended to handle the case where the transport service explicitly intended to handle the case where the transport service
secures the connection and authenticates the client and SASL secures the connection and authenticates the client and SASL
negotiates the authorization identity. negotiates the authorization identity.
When using SASL underneath a sufficiently strong Transport Security Appendix B. Changes since RFC 2222
service, a SASL security layer would most likely be redundant. The
client and server would thus probably want to negotiate off the use
of a SASL security layer.
Appendix B. IANA considerations
The IANA is directed to modify the SASL mechanisms registry as
follows:
Change the "Intended usage" of the KERBEROS_V4 and SKEY mechanism
registrations to OBSOLETE. Change the "Published specification"
of the EXTERNAL mechanism to this document.
Appendix C. Changes since RFC 2222
The GSSAPI mechanism was removed. It is now specified in a separate The GSSAPI mechanism was removed. It is now specified in a separate
document [SASL-GSSAPI]. document [SASL-GSSAPI].
The "KERBEROS_V4" mechanism defined in RFC 2222 is obsolete and has The "KERBEROS_V4" mechanism defined in RFC 2222 is obsolete and has
been removed. been removed.
The "SKEY" mechanism described in RFC 2222 is obsolete and has been The "SKEY" mechanism described in RFC 2222 is obsolete and has been
removed. It has been replaced by the OTP mechanism [SASL-OTP]. removed. It has been replaced by the OTP mechanism [SASL-OTP].
The overview has been substantially reorganized and clarified. The overview has been substantially reorganized and clarified.
Clarified the definition and semantics of the authorization identity. Clarified the definition and semantics of the authorization identity.
Prohibited the NULL character in authorization identities. Prohibited the NUL character in authorization identities.
Added a section on character string issues. Added a section on character string issues.
The word "must" in the first paragraph of the "Protocol profile The word "must" in the first paragraph of the "Protocol profile
requirements" section was changed to "MUST". requirements" section was changed to "MUST".
Internet DRAFT SASL 19 August 2003
Specified that protocol profiles SHOULD provide a way for clients to Specified that protocol profiles SHOULD provide a way for clients to
discover available SASL mechanisms. discover available SASL mechanisms.
Made the requirement that protocol profiles specify the semantics of Made the requirement that protocol profiles specify the semantics of
the authorization identity optional to the protocol profile. the authorization identity optional to the protocol profile.
Clarified that such a specification is a refinement of the definition Clarified that such a specification is a refinement of the definition
in the base SASL spec. in the base SASL spec.
Added a requirement discouraging protocol profiles from breaking the Added a requirement discouraging protocol profiles from breaking the
separation between protocol and mechanism. separation between protocol and mechanism.
Mentioned that standards track documents may carve out their own Mentioned that standards track documents may carve out their own
portions of the SASL mechanism namespace. portions of the SASL mechanism namespace and may amend registration
rules for the portion. However registration of individual SASL
mechanisms is still required.
Specified that the authorization identity in the EXTERNAL mechanism Specified that the authorization identity in the EXTERNAL mechanism
is encoded in UTF-8. is encoded in UTF-8.
Added a statement that a protocol profile SHOULD allow challenge data Added a statement that a protocol profile SHOULD allow challenge data
to be sent with a success indication. to be sent with a success indication.
Internet DRAFT SASL 18 October 2003
Added a security consideration for the EXTERNAL mechansim. Added a security consideration for the EXTERNAL mechansim.
Clarified sections concerning success with additional data. Clarified sections concerning success with additional data.
Updated IANA related URLs. Cleaned up IANA considerations/registrations and assembled them in
one place.
Updated references and split them into Informative and Normative. Updated references and split them into Informative and Normative.
Added text to the Security Considerations section regarding handling Added text to the Security Considerations section regarding handling
of extremely large SASL blocks. of extremely large SASL blocks.
Replaced UTF-8 ABNF with the reference to the UTF-8 document. Replaced UTF-8 ABNF with the reference to the UTF-8 document.
Added text about SASLPrep for authentication identities and Added text about SASLPrep for authentication identities and
passwords. passwords. Described where SASLPrep preparation should take place.
Added paragraph about verifying authorization identities. Added paragraph about verifying authorization identities.
This document requires to drop a security layer on reauthentication This document requires to drop a security layer on reauthentication
when no security layer is negotiated. This differs from RFC 2222, when no security layer is negotiated. This differs from RFC 2222,
which required to keep the last security layer in this case. which required to keep the last security layer in this case.
Added a protocol profile requirement to specify interaction between Added a protocol profile requirement to specify interaction between
SASL and TLS security layers. SASL and TLS security layers.
Internet DRAFT SASL 19 August 2003 Added a protocol profile requirement to specify if it supports
reauthentication.
Status of this Memo ......................................... i Removed the text that seemed to suggest that SASL security layer must
1. Abstract .............................................. 2 not be used when TLS is available.
2. Organization of this document ......................... 2
2.1. How to read this document ............................. 2 Internet DRAFT SASL 18 October 2003
2.2. Conventions used in this document ..................... 2
3. Overview .............................................. 2 Status of this Memo .......................................... i
4. Authentication mechanisms ............................. 3 1. Abstract ............................................... 2
4.1. Authentication protocol exchange ...................... 4 2. Organization of this document .......................... 2
4.2. Authorization identities and proxy authentication ..... 4 2.1. How to read this document .............................. 2
4.3. Security layers ....................................... 5 2.2. Conventions used in this document ...................... 2
4.4. Character string issues ............................... 6 3. Overview ............................................... 3
5. Protocol profile requirements ......................... 6 4. Authentication mechanisms .............................. 3
6. Specific issues ....................................... 8 4.1. Authentication protocol exchange ....................... 4
6.1. Client sends data first ............................... 8 4.2. Authorization identities and proxy authentication ...... 4
6.2. Server returns success with additional data ........... 8 4.3. Security layers ........................................ 6
6.3. Multiple authentications .............................. 9 4.4. Character string issues ................................ 6
7. The EXTERNAL mechanism ............................... 10 5. Protocol profile requirements .......................... 6
7.1. Formal syntax ........................................ 11 6. Specific issues ........................................ 8
7.2. Example .............................................. 11 6.1. Client sends data first ................................ 8
8. IANA Considerations .................................. 11 6.2. Server returns success with additional data ............ 8
8.1. Comments on SASL mechanism registrations ............. 12 6.3. Multiple authentications ............................... 9
8.2. Location of registered SASL mechanism list ........... 12 7. The EXTERNAL mechanism ................................ 11
8.3. Change control ....................................... 12 7.1. Formal syntax ......................................... 12
8.4. Registration template ................................ 13 7.2. Example ............................................... 12
8.5. The EXTERNAL mechanism registration .................. 13 8. IANA Considerations ................................... 12
9. References ........................................... 14 8.1. Guidelines for IANA ................................... 13
9.1. Normative References ................................. 14 8.2. Registration procedure ................................ 13
9.2. Informative References ............................... 14 8.3. Comments on SASL mechanism registrations .............. 13
10. Security considerations .............................. 15 8.4. Change control ........................................ 14
11. Editor's Address ..................................... 16 8.5. Registration template ................................. 14
12. Acknowledgments ...................................... 16 8.6. The EXTERNAL mechanism registration ................... 15
13. Full Copyright Statement ............................. 16 9. Security considerations ................................ 15
Appendix A. Relation of SASL to transport security ......... 17 10. References ........................................... 16
Appendix B. IANA considerations ............................ 18 10.1. Normative References ................................. 16
Appendix C. Changes since RFC 2222 ......................... 18 10.2. Informative References ............................... 17
11. Editor's Address ...................................... 18
12. Acknowledgments ....................................... 18
13. Full Copyright Statement .............................. 18
Appendix A. Relation of SASL to transport security .......... 19
Appendix B. Changes since RFC 2222 .......................... 20
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/