draft-ietf-sasl-rfc2222bis-08.txt   draft-ietf-sasl-rfc2222bis-09.txt 
Network Working Group A. Melnikov Network Working Group A. Melnikov
Internet Draft Editor Internet Draft Editor
Document: draft-ietf-sasl-rfc2222bis-08.txt June 2004 Document: draft-ietf-sasl-rfc2222bis-09.txt October 2004
Obsoletes: RFC 2222 Expires in six months Obsoletes: RFC 2222 Expires in six months
Simple Authentication and Security Layer (SASL) Simple Authentication and Security Layer (SASL)
Status of this Memo Status of this Memo
This document is an Internet Draft and is in full conformance with By submitting this Internet-Draft, I certify that any applicable
all provisions of Section 10 of RFC 2026. patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with
RFC 3668.
Internet Drafts are working documents of the Internet Engineering Internet Drafts are working documents of the Internet Engineering
Task Force (IETF), its Areas, and its Working Groups. Note that Task Force (IETF), its Areas, and its Working Groups. Note that
other groups may also distribute working documents as Internet other groups may also distribute working documents as Internet
Drafts. Internet Drafts are draft documents valid for a maximum of Drafts. Internet Drafts are draft documents valid for a maximum of
six months. Internet Drafts may be updated, replaced, or obsoleted six months. Internet Drafts may be updated, replaced, or obsoleted
by other documents at any time. It is not appropriate to use by other documents at any time. It is not appropriate to use
Internet Drafts as reference material or to cite them other than as Internet Drafts as reference material or to cite them other than as
``work in progress''. ``work in progress''.
skipping to change at page 2, line ? skipping to change at page 2, line ?
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
A revised version of this draft document will be submitted to the RFC A revised version of this draft document will be submitted to the RFC
editor as a Standards Track RFC for the Internet Community. editor as a Standards Track RFC for the Internet Community.
Discussion and suggestions for improvement are requested. Discussion and suggestions for improvement are requested.
Distribution of this draft is unlimited. Distribution of this draft is unlimited.
When published as an RFC this document will obsolete RFC 2222. When published as an RFC this document will obsolete RFC 2222.
Internet DRAFT SASL 28 June 2004 Internet DRAFT SASL 25 October 2004
Abstract Abstract
The Simple Authentication and Security Layer (SASL) is a framework The Simple Authentication and Security Layer (SASL) is a framework
for providing authentication and data security services in for providing authentication and data security services in
connection-oriented protocols via replaceable mechanisms. It connection-oriented protocols via replaceable mechanisms. It provides
provides structured interface between protocols and mechanisms. The a structured interface between protocols and mechanisms. The
resulting framework allows new protocols to reuse existing mechanisms resulting framework allows new protocols to reuse existing mechanisms
and allows old protocols to make use of new mechanisms. The and allows old protocols to make use of new mechanisms. The
framework also provides a protocol for securing subsequent protocol framework also provides a protocol for securing subsequent protocol
exchanges within a data security layer. exchanges within a data security layer.
This document describes how a SASL mechanism is structured, describes This document describes how a SASL mechanism is structured, describes
how protocols add support for SASL, and defines the protocol for how protocols add support for SASL, and defines the protocol for
carrying a data security layer over a connection. Additionally, this carrying a data security layer over a connection. Additionally, this
document defines one SASL mechanism, the EXTERNAL mechanism. document defines one SASL mechanism, the EXTERNAL mechanism.
skipping to change at page 2, line ? skipping to change at page 2, line ?
Character names in this document use the notation for code points and Character names in this document use the notation for code points and
names from the Unicode Standard [Unicode]. For example, the letter names from the Unicode Standard [Unicode]. For example, the letter
"a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>. "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
This document uses terms "integrity protection" and "confidentiality This document uses terms "integrity protection" and "confidentiality
protection". The former refers to a security layer (see Section protection". The former refers to a security layer (see Section
"Introduction" below for the definition) designed to provide "data "Introduction" below for the definition) designed to provide "data
integrity service" as defined in [Sec-Glossary]. Confidentiality integrity service" as defined in [Sec-Glossary]. Confidentiality
protection is a security layer that provides "data confidentiality protection is a security layer that provides "data confidentiality
service" as defined in [Sec-Glossary]. The term "confidentiality service" as defined in [Sec-Glossary]. The term "confidentiality
protection" usually implies "integrity protection". Security layers protection" implies "integrity protection". Security layers may offer
may offer other kinds of security services. other kinds of security services.
2. Introduction 2. Introduction
The Simple Authentication and Security Layer (SASL) is a framework The Simple Authentication and Security Layer (SASL) is a framework
for providing authentication and data security services in for providing authentication and data security services in
connection-oriented protocols via replaceable mechanisms. SASL connection-oriented protocols via replaceable mechanisms. SASL
provides a structured interface between protocols and mechanisms. provides a structured interface between protocols and mechanisms.
SASL also provides a protocol for securing subsequent protocol SASL also provides a protocol for securing subsequent protocol
exchanges within a data security layer. exchanges within a data security layer.
Internet DRAFT SASL 28 June 2004 Internet DRAFT SASL 25 October 2004
SASL design is intended to allow new protocols to reuse existing SASL's design is intended to allow new protocols to reuse existing
mechanisms without requiring redesign of the mechanisms and allows mechanisms without requiring redesign of the mechanisms and allows
existing protocols to make use of new mechanisms without redesign of existing protocols to make use of new mechanisms without redesign of
protocols. protocols.
The SASL is conceptually a framework which provides a layer between The SASL is conceptually a framework which provides a layer between
protocols and mechanisms, as illustrated in the following diagram. protocols and mechanisms, as illustrated in the following diagram.
SMTP Protocol LDAP Protocol Other Protocols SMTP Protocol LDAP Protocol Other Protocols
Profile Profile . . . Profile Profile . . .
\----- | -----/ \----- | -----/
\ | / \ | /
SASL framework SASL framework
/ | \ / | \
/----- | -----\ /----- | -----\
DIGEST-MD5 EXTERNAL Other Mechanisms DIGEST-MD5 EXTERNAL Other Mechanisms
SASL mechanism SASL mechanism . . . SASL mechanism SASL mechanism . . .
It is through the interfaces of this layer that the framework allows It is through the interfaces of this layer that the framework allows
any protocol to be utilized with any mechanism. While the layer does any protocol to be utilized with any mechanism. While the layer does
generally hide the particulars of protocols from mechanisms, the generally hide the particulars of protocols from mechanisms and the
layer does not generally hide the particulars of mechanisms from particulars of mechanisms from protocols, the layer does not
protocols. For example, different mechanisms require different generally hide the particulars of mechanisms from protocol
implementations. For example, different mechanisms require different
information to operate, some of them use password based information to operate, some of them use password based
authentication, other make use of Kerberos tickets, certificates, authentication, some of then require realm information, others make
etc. Also, in order to perform authorization step server use of Kerberos tickets, certificates, etc. Also, in order to
implementations have to implement mapping from a mechanism specific perform authorization, server implementations have to implement a
authentication identity format to a protocol specific format. mapping from a mechanism-specific authentication identity format to a
protocol-specific format.
It is noted that it is possible to design and implement this It is possible to design and implement this framework in ways which
framework in ways which do abstract away particulars of similar do abstract away particulars of similar mechanisms. Such
mechanisms. Such implementation could also be designed to be shared implementation could also be designed to be shared by multiple
by multiple implementations of various protocols. implementations of various protocols.
As illustrated above, the SASL framework interfaces with both As illustrated above, the SASL framework interfaces with both
protocols and mechanisms. protocols and mechanisms.
To use SASL, a protocol includes a command for identifying and To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating a authenticating a user to a server and for optionally negotiating a
security layer for subsequent protocol interactions. If the use of a security layer for subsequent protocol interactions. If the use of a
security layer is negotiated, that security layer is inserted between security layer is negotiated, that security layer is inserted between
the protocol and the connection. Section 4 ("Protocol profile the protocol and the connection. Section 4 ("Protocol profile
requirements") profiles the requirements that a protocol requirements") profiles the requirements that a protocol
specification must fulfill to make use of SASL. specification must fulfill to make use of SASL. A SASL protocol
profile is a part of the protocol specification that satisfies the
A SASL mechanism is a series of server challenges and client Internet DRAFT SASL 25 October 2004
responses specific to the mechanism. Each SASL mechanism are
Internet DRAFT SASL 28 June 2004 requirements of Section 4.
identity by a registered name. Section 5. ("Mechanism profile A SASL mechanism is a series of server challenges and client
responses specific to the mechanism. Each SASL mechanism is
identified by a registered name. Section 5 ("Mechanism profile
guidelines") profiles the requirements that a mechanism specification guidelines") profiles the requirements that a mechanism specification
must fulfill to define a SASL mechanism. must fulfill to define a SASL mechanism.
This document is written to serve several different audiences: This document is written to serve several different audiences:
o) protocol designers using this specification to support - protocol designers using this specification to support
authentication in their protocol authentication in their protocol,
o) mechanism designers that define new SASL mechanisms - mechanism designers that define new SASL mechanisms, and
o) implementors of clients or servers for those protocols using this - implementors of clients or servers for those protocols using this
specification. specification.
The sections "Authentication Mechanisms", "Protocol Profile The sections "Authentication mechanisms", "Protocol profile
Requirements", "Specific Issues", and "Security Considerations" cover requirements", "Specific issues", and "Security considerations" cover
issues that protocol designers need to understand and address in issues that protocol designers need to understand and address in
profiling this specification for use in a specific protocol. profiling this specification for use in a specific protocol.
The sections "Authentication Mechanisms", "Mechanism Profile The sections "Authentication mechanisms", "Mechanism profile
Requirements", "Security Considerations" and "Registration procedure" guidelines", "Security considerations" and "Registration procedure"
cover issues that mechanism designers need to understand and address cover issues that mechanism designers need to understand and address
in designing new SASL mechanisms. in designing new SASL mechanisms.
The sections "Authentication Mechanisms", "Protocol profile The sections "Authentication mechanisms", "Protocol profile
requirements", "Specific issues" and "Security Considerations" cover requirements", "Specific issues" and "Security considerations" cover
issues that implementors of a protocol that uses SASL framework need issues that implementors of a protocol that uses SASL framework need
to understand. The implementors will also need to understand a to understand. The implementors will also need to understand a
specification of a profile specific to the protocol, as well as specification of a SASL profile specific to the protocol, as well as
aspects of mechanism specifications they intend to use (regardless of aspects of mechanism specifications they intend to use (regardless of
whether they are implementing the mechanisms themselves or using an whether they are implementing the mechanisms themselves or using an
existing implementation) to understand, for instance, the mechanism existing implementation) to understand, for instance, the mechanism-
specific authentication identity forms, the offered services, and specific authentication identity forms, the offered services, and
security and other considerations. security and other considerations.
2.1. Relationship to other documents
This document obsoletes RFC 2222. It replaces all portions of RFC
2222 excepting sections 7.1 (Kerberos version 4 mechanism), 7.2
(GSSAPI mechanism), 7.3 (S/Key mechanism). The Kerberos version 4
(KERBEROS_IV) and S/Key (SKEY) mechanisms are now viewed as obsolete.
The GSSAPI mechanism is now separately specified [SASL-GSSAPI].
Internet DRAFT SASL 25 October 2004
3. Authentication mechanisms 3. Authentication mechanisms
SASL mechanisms are named by strings, from 1 to 20 characters in SASL mechanisms are named by strings, from 1 to 20 characters in
length, consisting of ASCII [ASCII] upper-case letters, digits, length, consisting of ASCII [ASCII] upper-case letters, digits,
hyphens, and/or underscores. Names of SASL mechanisms or families of hyphens, and/or underscores. Names of SASL mechanisms or families of
mechanisms must be registered with the Internet Assigned Numbers mechanisms must be registered with the Internet Assigned Numbers
Authority (IANA) as described in section 8.2. Authority (IANA) as described in section 8.2.
The "sasl-mech" ABNF production below defines the syntax of a SASL The "sasl-mech" ABNF production below defines the syntax of a SASL
mechanism name. This uses the Augmented Backus-Naur Form (ABNF) mechanism name. This uses the Augmented Backus-Naur Form (ABNF)
notation as specified in [ABNF]. notation as specified in [ABNF].
Internet DRAFT SASL 28 June 2004
sasl-mech = 1*20mech-char sasl-mech = 1*20mech-char
mech-char = UPPER-ALPHA / DIGIT / HYPHEN / UNDERSCORE mech-char = UPPER-ALPHA / DIGIT / HYPHEN / UNDERSCORE
; mech-char is restricted to "A"-"Z", "0"-"9", "-", ; mech-char is restricted to "A"-"Z", "0"-"9", "-",
; and "_" from ASCII character set. ; and "_" from ASCII character set.
UPPER-ALPHA = %x41-5A UPPER-ALPHA = %x41-5A
; "A"-"Z" ; "A"-"Z"
DIGIT = %x30-39 DIGIT = %x30-39
; "0"-"9" ; "0"-"9"
HYPHEN = %x2D HYPHEN = %x2D
; "-" ; "-"
UNDERSCORE = %x5F UNDERSCORE = %x5F
; "_" ; "_"
3.1. Authentication protocol exchange 3.1. Authentication Exchange
A SASL mechanism is responsible for conducting an authentication A SASL mechanism is responsible for conducting an authentication
protocol exchange. This consists of a series of server challenges exchange. This consists of a series of server challenges and client
and client responses, the contents of which are specific to and responses, the contents of which are specific to and defined by the
defined by the mechanism. To the protocol, the challenges and mechanism. To the application protocol, the challenges and responses
responses are opaque binary tokens of arbitrary length. The are opaque binary tokens of arbitrary length (including 0-length).
protocol's profile then specifies how these binary tokens are then The protocol's profile then specifies how these binary tokens are
encoded for transfer over the connection. encoded for transfer over the connection.
After receiving an authentication command or any client response, a After receiving an authentication command or any client response, a
server mechanism may issue a challenge, indicate failure, or indicate server mechanism may issue a challenge, indicate failure, or indicate
completion. The server mechanism may return additional data with a completion. The server mechanism may return additional data with a
completion indication. The protocol's profile specifies how each of completion indication. The protocol's profile specifies how each of
these is then represented over the connection. these is then represented over the connection.
After receiving a challenge, a client mechanism may issue a response After receiving a challenge, a client mechanism may issue a response
or abort the exchange. The protocol's profile specifies how each of or abort the exchange. The protocol's profile specifies how each of
Internet DRAFT SASL 25 October 2004
these are then represented over the connection. these are then represented over the connection.
During the authentication protocol exchange, the mechanism performs During the authentication exchange, the mechanism performs
authentication, transmits an authorization identity (frequently known authentication, transmits an authorization identity (sometimes known
as a userid) from the client to server, and negotiates the use of a as a username<<>>) from the client to server, and may negotiate the
mechanism-specific security layer. If the use of a security layer is use of a mechanism-specific security layer. If the use of a security
agreed upon, then the mechanism must also define or negotiate the layer is agreed upon, then the mechanism must also define or
maximum security layer buffer size that each side is able to receive. negotiate the maximum security layer buffer size that each side is
able to receive.
Internet DRAFT SASL 28 June 2004 3.2. Identity Concepts
3.2. Authorization and authentication identities Conceptually, SASL framework involves two identities:
1) an identity associated with the authentication
credentials (termed the authentication identity), and
2) an identity to act as (termed the authorization
identity).
SASL authentication deals with two identities: the authentication The client provides its credentials and, optionally, a
identity, derived from the client's authentication credentials; and string representing the requested authorization identity
the authorization identity, which is the result of SASL processing as part of the SASL exchange. When this string is omitted or empty,
and is used by the server as the primary identity for making access the client is requesting to act as the identity
policy decisions. associated with the credentials (e.g., the user is
requesting to act as the authentication identity).
The processing model is as follows. A server, upon completion of the The server is responsible for verifying the client's
authentication mechanism, uses the results produced by the credentials and verifying that the client is allowed to
authentication mechanism, the client-provided authorization identity act as the authorization identity. A SASL exchange
value (which may be the empty string), and local policy information fails if either (or both) of these verifications fails.
to derive an authorization identity. The authorization identity is
made available to further server processing for use in making access
policy decisions. The provision of additional client attributes that
may affect access policy is not covered by this specification.
The authorization identity may be an empty (zero length) string. In SASL mechanism specifications describe the form of credentials
this case, the server derives an authorization identity from the used to authenticate clients, and SASL application
client's authentication identity. profiles describe the form of authorization identities
transferred as part of authentication exchange.
However, the
precise form(s) of the authentication identities (used
within the server in its verifications, or otherwise)
and the precise form(s) of the authorization identities
(used in making authorization decisions, or otherwise) is
beyond the scope of the SASL and this specification. In
some circumstances, the precise identity forms used
outside of the SASL exchange may be dictated by other
specifications. For instance, the authorization policy
specification for an application protocol may dictate the
precise form that an authorization identity is to be
represented in the authorization policy.
A mechanism which is incapable of transmitting an authorization Internet DRAFT SASL 25 October 2004
identity must be treated as if it always transmits an authorization
identity of an empty string.
Any normalization of the authentication identity is defined by a <<Need to address few issues in the two remaining paragraphs>>
particular SASL mechanism, the protocol profile doesn't influence it. Any normalization of the authentication identity (for the purposes
of conducting authentication exchange) is defined by a particular
SASL mechanism, the protocol profile doesn't influence it.
Note, that the mechanism specification doesn't control how
authentication identity information is represented elsewhere
<<need to add few examples>>.
The mechanism MUST preserve Unicode codepoint when transferring The mechanism MUST preserve Unicode codepoints when transferring
authorization identity (e.g. the mechanism cann't apply any form of authorization identity (e.g. the mechanism can't apply any form
normalization). of normalization).
3.2.1. Authorization identities and proxy authentication 3.2.1. Authorization identities and proxy authentication
A mechanism which is incapable of transmitting an authorization identity
must be treated as if it always transmits an authorization identity of an
empty string. <<Is this redundant?>>
If the authorization identity transmitted during the authentication If the authorization identity transmitted during the authentication
protocol exchange is not the empty string, this is typically referred exchange is not the empty string, this is typically referred
to as "proxy authentication". This feature permits agents such as to as "proxy authentication". This feature permits agents such as
proxy servers to authenticate using their own credentials, yet proxy servers to authenticate using their own credentials, yet request
request the access privileges of the identity for which they are the access privileges of the identity for which they are proxying.
proxying.
The server makes an implementation defined policy decision as to The server makes an implementation-defined policy decision as to
whether the authentication identity is permitted to have the access whether the authentication identity is permitted to have the access
privileges of the authorization identity and whether the privileges of the authorization identity and whether the authorization
authorization identity is permitted to receive service. If it is identity is permitted to receive service. If it is not, the server
not, the server indicates failure of the authentication protocol indicates failure of the authentication exchange.
exchange.
Internet DRAFT SASL 28 June 2004
As a client might not have the same information as the server, As a client might not have the same information as the server,
clients SHOULD NOT derive authorization identities from clients SHOULD NOT derive authorization identities from authentication
authentication identities. Instead, clients SHOULD provide no (or identities. Instead, clients SHOULD provide no (or empty) authorization
empty) authorization identity when the user has not provided an identity when the user<<client?>> has not provided an authorization identity.
authorization identity.
The server SHOULD verify that a received authorization identity is in The server SHOULD verify that a received authorization identity is in the
the correct form. Protocol profiles whose authorization identities correct form. Protocol profiles whose authorization identities are simple user
are simple user names (e.g. IMAP [RFC 3501]) SHOULD use "SASLprep" names (e.g. IMAP [RFC 3501]) SHOULD use "SASLprep"
profile [SASLprep] of the "stringprep" algorithm [StringPrep] to profile [SASLprep] of the "stringprep" algorithm [StringPrep] to prepare
prepare these names for matching. The profiles MAY use a stringprep these names for matching. The profiles MAY use a stringprep profile
profile that is more strict than "SASLprep". If the preparation of that is more strict than "SASLprep". If the preparation of
the authorization identity fails or results in an empty string, the the authorization identity fails or results in an empty string,
server MUST fail the authentication exchange. The only exception to the server MUST fail the authentication exchange. The only exception to
this rule is when the received authorization identity is already the this rule is when the received authorization identity is already the empty
empty string. string.
Internet DRAFT SASL 25 October 2004
3.2.2. Authorization Identity Format 3.2.2. Authorization Identity Format
An authorization identity is a string of zero or more Unicode An authorization identity is a string of zero or more Unicode [Unicode]
[Unicode] coded characters. The NUL <U+0000> character is not coded characters. The NUL <U+0000> character is prohibited
permitted in authorization identities. in authorization identities.
The character encoding scheme used for transmitting an authorization The character encoding scheme used for transmitting an authorization
identity over the protocol is specified in each authentication identity over the protocol is specified in each authentication mechanism.
mechanism. All IETF-defined mechanisms MUST, and all other All IETF-defined mechanisms MUST, and all other mechanisms SHOULD,
mechanisms SHOULD, use UTF-8 [UTF-8]. (See [CHARSET-POLICY] for IETF use UTF-8 [UTF-8]. (See [CHARSET-POLICY] for IETF policy regarding character
policy regarding character sets and encoding schemes.) sets and encoding schemes.)
Mechanisms are expected to be capable of carrying the entire Unicode Mechanisms are expected to be capable of carrying the entire Unicode
repertoire (with the exception of the NUL character). An repertoire (with the exception of the NUL character). An authorization
authorization identity of the empty string and an absent identity of the empty string and an absent authorization identity
authorization identity MUST be treated as equivalent. A mechanism MUST be treated as equivalent. A mechanism
which provides an optional field for an authorization identity, which provides an optional field for an authorization identity,
SHOULD NOT allow that field, when present, to be empty. The meaning SHOULD NOT allow that field, when present, to be empty.
of the empty string as an authorization identity is described in the The meaning of the empty string as an authorization identity is described
previous section. in Section 3.2.
3.3. Security layers 3.3. Security layers
If use of a security layer is negotiated by the authentication If use of a security layer is negotiated by the authentication
protocol exchange, the security layer is applied to all subsequent protocol exchange, the security layer is applied to all subsequent
data sent over the connection (until another security layer is data sent over the connection (until another security layer is negotiated (
negotiated; see also section 6.3). The security layer takes effect see also section 6.3) or underlying connection is closed). The security
immediately following the last response of the authentication layer takes effect
exchange for data sent by the client and the completion indication immediately following the last response of the authentication exchange
for data sent by the server. The exact position MUST be defined by for data sent by the client and the completion indication for data
the protocol profile (see section 4 part 5). sent by the server. The exact position MUST be defined by the protocol profile
(see section 4 part 5).
Internet DRAFT SASL 28 June 2004 Once the security layer is in effect the
protocol stream is processed by the security layer into buffers of
protected data. If the security layer is not able to produce a buffer,
the connection MUST be closed. If the security layer is not able to
decode a received buffer, the connection MUST be closed. In both cases the
underlying connection SHOULD be closed gracefully.
Note that all SASL mechanisms that are unable to negotiate a security Each buffer of protected data is
layer automatically select no security layer. transferred over the connection as a stream of octets prepended with a
four octet field in network byte order that represents the length of
the buffer. The length of the protected data buffer
MUST be no larger than the maximum size that was either defined in the
mechanism specification or negotiated by
the other side during the authentication exchange.
Upon the receipt of a data buffer which is larger than the defined/negotiated
Once the security layer is in effect the protocol stream is processed Internet DRAFT SASL 25 October 2004
by the security layer into buffers of protected data. Each buffer of
protected data is transferred over the connection as a stream of maximal buffer size the receiver SHOULD close the connection,
octets prepended with a four octet field in network byte order that as this might be a sign of an attack.
represents the length of the following buffer. The length of the
protected data buffer MUST be no larger than the maximum size that SASL mechanisms which are unable to negotiate a security layer
was either defined in the mechanism specification or negotiated by are treated as selecting no security layer.
the other side during the authentication protocol exchange. Upon the
receipt of a data buffer which is larger than the defined/negotiated
maximal buffer size the receiver SHOULD close the connection. This
might be a sign of an attack or a buggy implementation.
4. Protocol profile requirements 4. Protocol profile requirements
In order to use this specification, a protocol definition MUST supply In order to use this specification, a protocol definition MUST supply
the following information: the following information:
1) A service name, to be selected from the IANA registry of "service" 1) A service name, to be selected from the IANA registry of "service"
elements for the GSSAPI host-based service name form [GSSAPI]. This elements for the GSSAPI host-based service name form [GSSAPI]. This
service name is made available to the authentication mechanism. service name is made available to the authentication mechanism.
The registry is available at the URL The registry is available at the URL
<http://www.iana.org/assignments/gssapi-service-names>. <http://www.iana.org/assignments/gssapi-service-names>.
2) A definition of the command to initiate the authentication 2) A definition of the command to initiate the authentication protocol
protocol exchange. This command must have as a parameter the name of exchange. This command must have as a parameter the
the mechanism being selected by the client. name of the mechanism being selected by the client.
The command SHOULD have an optional parameter giving an initial The command SHOULD have an optional parameter giving an initial
response. If the protocol allows for the initial response, the response. If the protocol allows for the initial response,
protocol profile SHOULD also describe how an empty initial response the protocol profile MUST also describe how an empty initial response is
is encoded. This optional parameter allows the client to avoid a encoded. This optional parameter allows the client to avoid a round
round trip when using a mechanism which is defined to have the client trip when using a mechanism which is defined to have the client send
send data first. When this initial response is sent by the client data first. When this initial response is sent by the client and the
and the selected mechanism is defined to have the server start with selected mechanism is defined to have the server start with an initial
an initial challenge, the command fails. See section 6.1 of this challenge, the command fails. See section 6.1 of this document for
document for further information. further information.
3) A definition of the method by which the authentication protocol 3) A definition of the method by which the authentication protocol
exchange is carried out, including how the challenges and responses exchange is carried out, including how the challenges and responses
are encoded, how the server indicates completion or failure of the are encoded, how the server indicates completion or failure of the
exchange, how the client aborts an exchange, and how the exchange exchange, how the client aborts an exchange, and how the exchange method
method interacts with any line length limits in the protocol. interacts with any line length limits in the protocol.
The exchange method SHOULD allow the server to include an optional The exchange method SHOULD allow the server to include an
optional data ("optional challenge") with a success notification. This allows the
server to avoid a round trip when using a mechanism which is defined
to have the server send additional data along with the indication of
successful completion. Note that if additional data is sent with success,
it can not be empty. See section 6.2 of this document for further information.
Internet DRAFT SASL 28 June 2004 4) A protocol profile SHOULD specify a mechanism through
which a client may obtain the names of the SASL mechanisms available
to it. This is typically done through the protocol's extensions or
data ("optional challenge") with a success notification. This allows Internet DRAFT SASL 25 October 2004
the server to avoid a round trip when using a mechanism which is
defined to have the server send additional data along with the
indication of successful completion. Note that an additional data
with success can't be empty. See section 6.2 of this document for
further information.
4) A protocol profile SHOULD specify a mechanism through which a
client may obtain the names of the SASL mechanisms available to it.
This is typically done through the protocol's extensions or
capabilities mechanism. capabilities mechanism.
5) Identification of the octet where any negotiated security layer 5) Identification of the octet where any negotiated security layer starts
starts to take effect, in both directions. to take effect, in both directions.
6) Specify if the protocol profile supports "multiple 6) Specify if the protocol profile supports "multiple authentications"
authentications" (see section 6.3). (see section 6.3).
7) If both a Transport Layer Security [TLS] and a SASL security layer 7) If both a Transport Layer Security [TLS] and a SASL security layer are
are allowed to be negotiated by the protocol, the protocol profile allowed to be negotiated by
MUST define in which order they are applied to a cleartext data sent the protocol, the protocol profile MUST define in which order they are
over the connection. applied to a cleartext data sent over the connection.
8) A protocol profile MAY further refine the definition of an 8) A protocol profile MAY further refine the definition of an
authorization identity by adding additional syntactic restrictions authorization identity by adding additional syntactic restrictions and
and protocol-specific semantics. A protocol profile MUST specify the protocol-specific semantics. A protocol profile MUST specify the form
form of the authorization identity (since it is protocol specific, as of the authorization identity (since it is protocol-specific, as opposed
opposed to the authentication identity, which is mechanism specific) to the authentication identity, which is mechanism-specific) and how
and how authorization identities are to be compared. Profiles whose authorization identities are to be compared. Profiles whose authorization
authorization identities are simple user names (e.g. IMAP [RFC 3501]) identities are simple user names (e.g. IMAP [RFC 3501]) SHOULD use
SHOULD use "SASLprep" profile [SASLprep] of the "stringprep" "SASLprep" profile [SASLprep] of the "stringprep" algorithm [StringPrep]
algorithm [StringPrep] to prepare these names for matching. The to prepare these names for matching. The profiles MAY use a stringprep profile
profiles MAY use a stringprep profile that is more strict than that is more strict than SASLprep.
SASLprep.
9) Where the application-layer protocol does not precisely state how 9) Where the application-layer protocol does not precisely state
identities established through SASL relate to identities used how identities established through SASL relate to identities
elsewhere (e.g., access controls) in the application-layer protocol, used elsewhere (e.g., access controls) in the application-layer
it may be useful for the application-layer protocol to provide a protocol, it may be useful for the application-layer protocol
facility which the client may use to discover the identity used. to provide a facility which the client may use to discover the
identity used.
A protocol profile SHOULD NOT attempt to amend the definition of A protocol profile SHOULD NOT attempt to amend the definition of
mechanisms or make mechanism-specific encodings. This breaks the mechanisms or create mechanism-specific encodings. This breaks the
separation between protocol and mechanism that is fundamental to the separation between protocol and mechanism that is fundamental to the
design of SASL. Likewise, SASL mechanisms SHOULD be profile neutral. design of SASL. (Likewise, SASL mechanisms are intended to be profile neutral.)
Internet DRAFT SASL 28 June 2004
5. Mechanism profile guidelines 5. Mechanism profile guidelines
Designers of new SASL mechanism should be aware of the following Designers of new SASL mechanism should be aware of the following issues:
issues:
1) Authorization identity 1) Authorization identity
While some legacy mechanisms are incapable of transmitting an While some legacy mechanisms are incapable of transmitting an authorization
authorization identity (which means that for these mechanisms the identity (which means that for these mechanisms the authorization identity
authorization identity is always the empty string), newly defined is always the empty string), newly defined mechanisms SHOULD be
mechanisms SHOULD be capable of transmitting a non-empty capable of transmitting a non-empty authorization identity. See also section 3.2.
authorization identity. See also section 3.2.
Internet DRAFT SASL 25 October 2004
2) Character string issues 2) Character string issues
Authentication mechanisms SHOULD encode character strings in UTF-8 Authentication mechanisms SHOULD encode character strings in UTF-8 [UTF-8]
[UTF-8] (see [CHARSET-POLICY] for IETF policy regarding character (see [CHARSET-POLICY] for IETF policy regarding character sets in IETF protocols).
sets in IETF protocols). In order to avoid interoperability problems In order to avoid interoperability problems due to differing normalizations,
due to differing normalizations, when a mechanisms specifies that when a mechanism specifies that character data is to be used as input to a
character data is to be used as input to a cryptographic and/or cryptographic and/or comparison function, the mechanism specification MUST
comparison function, the mechanism specification MUST detail how the detail how the data is to be represented, including any normalizations or
data is to be represented, including any normalizations or other other preparations, to ensure proper function. Designers of mechanisms SHOULD use
preparations, to ensure proper function. Designers of mechanisms the "SASLprep" profile [SASLprep] of the "stringprep" algorithm [StringPrep] where applicable.
SHOULD use the "SASLprep" profile [SASLprep] of the "stringprep" This recommendation does not apply to authorization identities as their handling is protocol-specific.
algorithm [StringPrep] where applicable. However it should be noted
that this rule doesn't apply to authorization identities, as they are
protocol specific.
The preparation can be potentially performed on the client end (upon The preparation can be potentially performed on the client side (upon getting user input
getting user input or retrieving a value from configuration) or on or retrieving a value from configuration) or on the server side (upon receiving the value
the server end (upon receiving the value from the client, retrieving from the client, retrieving a value from its authentication database or generating a
a value from its authentication database or generating a new value in new value in order to store in in the authentication database).
order to store in in the authentication database). SASL mechanisms SASL mechanisms MUST define which entity (or entities) must perform the
must define which entity (or entities) must perform the preparation. preparation. If preparation fails or turns a non-empty string into the empty string, the entity
If preparation fails or results in an empty string, the entity doing doing the preparation MUST fail the authentication exchange.
the preparation MUST fail the authentication exchange.
Implementation note: A server end can be represented by multiple Implementation note:
processes. For example, it may consist of the server process itself A server side can be represented by multiple processes. For example, the server side may
that communicated with a client, and a command line utility (a server consist of the server process itself that communicated with a client and a
agent) that is able to store passwords/hashes in a database that can utility (a server agent) that is able to store passwords/hashes (or derivitives) in a
be later used by the server. For the server agent the requirement to database that can be later used by the server. For the server agent the
"fail the authentication exchange" should be interpreted as a requirement to "fail the authentication exchange" should be interpreted
requirement to refuse to store the data in the database. as a requirement to refuse to store the data in the database.
3) If the underlying cryptographic technology used by a mechanism 3) If the underlying cryptographic technology used by a mechanism supports
supports data integrity than the mechanism specification MUST data integrity, then the mechanism specification MUST integrity protect
the transmission of an authorization identity and the negotiation of
the security layer.
Internet DRAFT SASL 28 June 2004 4) The mechanism SHOULD NOT use the authorization identity in generation of any
long-term cryptographic keys/hashes. The reason is that different protocols
(and sometimes even different implementations of the same protocol) may use
multiple forms of an authorization identity that are semantically equivalent
and some clients may use one form while other clients use a different form.
integrity protect the transmission of an authorization identity and 5) SASL mechanisms should be designed to minimize the number of round
the negotiation of the security layer. trips required, because SASL can be used with protocols where connections
are short-lived.
4) The mechanism should not use the authorization identity in 6) SASL does not provide for re-keying (see Section 9.1), but SASL mechanisms may.
generation of any long-term cryptographic keys/hashes. The reason is
that different protocols (and sometimes even different
implementations of the same protocol) may use multiple forms of an
authorization identity that are semantically equivalent and some
clients may use one form while other clients use a different form.
5) SASL mechanisms should be designed to minimize the number of round <<Original Nico's text follows:>>
trips required because SASL can be used with protocols where SASL mechanisms that support re-keying SHOULD:
connections are short-lived. - indicate that re-keying is or will be needed immediately; <<Alexey: HOW?>>
Internet DRAFT SASL 25 October 2004
- provide re-keying messages or transparently include re-keying
messages in the security layers; the latter can happen without
application involvement, but only as long as the application is
engaged in timely bidirectional exchanges with its peer.
<<Alternative text by Alexey:>>
A SASL mechanism supports re-keying if it is able to generate/process
messages that request immediate re-keying and it is able to carry out
re-keying exchange. (Note that the mechanism MAY use a single message
type to do both). SASL mechanisms that support re-keying MAY also be
able to indicate that re-keying will be needed in the future.
A re-keying exchange can be conducted transparently by the mechanism,
or the mechanism should be able to provide/accept re-keying messages
to/from the application. The former can happen without application
involvement, but only as long as the application is engaged in timely
bidirectional exchanges with its peer.
7) SASL mechanisms SHOULD be profile neutral.
6. Specific issues 6. Specific issues
6.1. Client sends data first 6.1. Client sends data first
Some mechanisms specify that the first data sent in the Some mechanisms specify that the first data sent in the
authentication protocol exchange is from the client to the server. authentication exchange is from the client to the server.
If a protocol's profile permits the command which initiates an If a protocol's profile permits the command which initiates an
authentication protocol exchange to contain an initial client authentication exchange to contain an initial client
response, this parameter SHOULD be used with such mechanisms. response, this parameter SHOULD be used with such mechanisms.
If the initial client response parameter is not given, or if a If the initial client response parameter is not given, or if a
protocol's profile does not permit the command which initiates an protocol's profile does not permit the command which initiates an
authentication protocol exchange to contain an initial client authentication exchange to contain an initial client
response, then the server issues a challenge with no data. The response, then the server issues a challenge with no data. The
client's response to this challenge is then used as the initial client's response to this challenge is then used as the initial client
client response. (The server then proceeds to send the next response. (The server then proceeds to send the next challenge,
challenge, indicates completion, or indicates failure.) indicates completion, or indicates failure.)
6.1.1. Client sends data first examples 6.1.1. Client sends data first examples
The following are two examples of an SECURID authentication [SASL- The following are two examples of the SECURID authentication [SASL-SECURID] in the SMTP
SECURID] in the SMTP protocol [SMTP]. In the first example below, protocol [SMTP]. In the first example below, the client is trying fast reauthentication
the client is trying fast reauthentication by sending the initial by sending the initial response:
response:
S: 220-smtp.example.com ESMTP Server S: 220-smtp.example.com ESMTP Server
C: EHLO client.example.com C: EHLO client.example.com
S: 250-smtp.example.com Welcome client.example.com S: 250-smtp.example.com Welcome client.example.com
Internet DRAFT SASL 25 October 2004
S: 250-AUTH GSSAPI SECURID S: 250-AUTH GSSAPI SECURID
S: 250 DSN S: 250 DSN
C: AUTH SECURID AG1hZ251cwAxMjM0NTY3OAA= C: AUTH SECURID AG1hZ251cwAxMjM0NTY3OAA=
S: 235 Authentication successful S: 235 Authentication successful
Internet DRAFT SASL 28 June 2004
The example below is almost identical to the previous, but here the The example below is almost identical to the previous, but here the
client chooses not to use the initial response parameter. client chooses not to use the initial response parameter.
S: 220-smtp.example.com ESMTP Server S: 220-smtp.example.com ESMTP Server
C: EHLO client.example.com C: EHLO client.example.com
S: 250-smtp.example.com Welcome client.example.com S: 250-smtp.example.com Welcome client.example.com
S: 250-AUTH GSSAPI SECURID S: 250-AUTH GSSAPI SECURID
S: 250 DSN S: 250 DSN
C: AUTH SECURID C: AUTH SECURID
S: 334 S: 334
skipping to change at page 12, line 49 skipping to change at page 14, line 4
data with success. Imagine that an active attacker is trying to data with success. Imagine that an active attacker is trying to
impersonate the server and sends faked data, which should be used to impersonate the server and sends faked data, which should be used to
authenticate the server to the client, with success. (A similar authenticate the server to the client, with success. (A similar
situation can happen when either the server and/or the client has a situation can happen when either the server and/or the client has a
bug and they calculate different responses.) After checking the data, bug and they calculate different responses.) After checking the data,
the client will think that the authentication exchange has failed, the client will think that the authentication exchange has failed,
however the server will think that the authentication exchange has however the server will think that the authentication exchange has
completed successfully. At this point the client can not abort the completed successfully. At this point the client can not abort the
authentication exchange; it SHOULD close the connection instead. authentication exchange; it SHOULD close the connection instead.
However, if the profile did not support sending of additional data However, if the profile did not support sending of additional data
Internet DRAFT SASL 25 October 2004
with success, the client could have aborted the exchange at the very with success, the client could have aborted the exchange at the very
last step of the authentication exchange. last step of the authentication exchange.
Internet DRAFT SASL 28 June 2004
6.2.1. Server returns success with additional data examples 6.2.1. Server returns success with additional data examples
The following are two examples of a DIGEST-MD5 authentication [SASL- The following are two examples of a DIGEST-MD5 authentication [SASL-
DIGEST] in the Extensible Messaging and Presence Protocol [XMPP]. In DIGEST] in the Extensible Messaging and Presence Protocol [XMPP]. In
the first example below, the server is sending mutual authentication the first example below, the server is sending mutual authentication
data with success. data with success.
C: <stream:stream C: <stream:stream
xmlns='jabber:client' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' xmlns:stream='http://etherx.jabber.org/streams'
skipping to change at page 13, line 51 skipping to change at page 15, line 5
LHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3LGNo LHJlc3BvbnNlPWQzODhkYWQ5MGQ0YmJkNzYwYTE1MjMyMWYyMTQzYWY3LGNo
YXJzZXQ9dXRmLTgK YXJzZXQ9dXRmLTgK
</response> </response>
S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo= cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=
</success> </success>
The example below is almost identical to the previous, but here The example below is almost identical to the previous, but here
the server chooses not to use the additional data with success. the server chooses not to use the additional data with success.
Internet DRAFT SASL 25 October 2004
C: <stream:stream C: <stream:stream
xmlns='jabber:client' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' xmlns:stream='http://etherx.jabber.org/streams'
Internet DRAFT SASL 28 June 2004
to='example.com' to='example.com'
version='1.0'> version='1.0'>
S: <stream:stream S: <stream:stream
xmlns='jabber:client' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' xmlns:stream='http://etherx.jabber.org/streams'
id='c2s_234' id='c2s_234'
from='example.com' from='example.com'
version='1.0'> version='1.0'>
S: <stream:features> S: <stream:features>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> <mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
skipping to change at page 14, line 44 skipping to change at page 15, line 47
S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> S: <challenge xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo= cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZAo=
</challenge> </challenge>
C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> C: <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/> S: <success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
6.3. Multiple authentications 6.3. Multiple authentications
Unless otherwise stated by the protocol's profile, only one Unless otherwise stated by the protocol's profile, only one
successful SASL negotiation may occur in a protocol session. In this successful SASL negotiation may occur in a protocol session. In this
case, once an authentication protocol exchange has successfully case, once an authentication exchange has successfully completed,
completed, further attempts to initiate an authentication protocol further attempts to initiate an authentication exchange fail.
exchange fail.
If a profile explicitly permits multiple successful SASL negotiations If a profile explicitly permits multiple successful SASL negotiations
to occur, then in no case may multiple security layers be to occur, then in no case may multiple security layers be
simultaneously in effect. If a security layer is in effect and a simultaneously in effect. If a security layer is in effect and a
subsequent SASL negotiation selects a second security layer, then the subsequent SASL negotiation selects a second security layer, then the
second security layer replaces the first. If a security layer is in second security layer replaces the first; this can be used as a form
effect and a subsequent SASL negotiation selects no security layer,
the original security layer remains in effect.
Internet DRAFT SASL 28 June 2004 Internet DRAFT SASL 25 October 2004
of re-keying, where SASL mechanisms that provide security layers fail
to provide for re-keying, provided that the authenticated identity
remains the same. If a security layer is in effect and a subsequent
SASL negotiation selects no security layer, the original security
layer remains in effect.
Where a protocol profile permits multiple successful SASL Where a protocol profile permits multiple successful SASL
negotiations, the profile MUST detail the effect of a failed SASL negotiations, the profile MUST detail the effect of a failed SASL
negotiation upon the previously established authentication state. negotiation upon the previously established authentication state.
In particular, it MUST state whether the previously established In particular, it MUST state whether the previously established
authenticated state remain in force or whether the connection is to authenticated state remains in force or whether the connection is to
revert to an non-authenticated state. Regardless of the specified revert to an non-authenticated state. Regardless of the specified
effect upon authentication state, the previously negotiated security effect upon authentication state, the previously negotiated security
layer remains in effect. layer remains in effect.
7. The EXTERNAL mechanism 7. The EXTERNAL mechanism
The mechanism name associated with external authentication is The mechanism name associated with external authentication is
"EXTERNAL". "EXTERNAL".
The client sends a single message containing the UTF-8 encoding of The client sends a single message containing the UTF-8 encoding of
the authorization identity. The message may be empty. The form of the the requested authorization identity. The message may be empty. The
authorization identity is further restricted by the application-level form of the authorization identity may be restricted by the
protocol's SASL profile. application protocol's SASL profile.
The server uses information, external to SASL, to determine whether Some system external to SASL must authenticate the client. If that
the client is permitted to authenticate as the authorization succeeds, the server determines the authentication identity from
identity. If the client is so authorized, the server indicates information from this system. If the requested authorization
successful completion of the authentication exchange; otherwise the identity is empty, the authorization identity is derived from the
server indicates failure. authentication identity. The server determines if the authentication
identity is allowed to act as the authorization identity. If all
that succeeds, the server indicates successful completion of the
authentication exchange; otherwise it indicates failure.
The system providing this external information may be, for example, The system providing this external information may be, for example,
IPSec [IPSec] or TLS [TLS]. However, the client can make no IPSec [IPSec] or TLS [TLS]. However, the client can make no
assumptions as to what information the server can use in determining assumptions as to what information the server can use in determining
client authorization. For example, just because TLS was established, client authorization. For example, just because TLS was established,
doesn't mean that the server will use the information provided by doesn't mean that the server will use the information provided by
TLS. TLS.
If the client sends the empty string as the authorization identity,
the authorization identity is to be derived from authentication
credentials which exist in the system that is providing the external
authentication.
7.1. Formal syntax 7.1. Formal syntax
The following syntax specification uses the augmented Backus-Naur The following syntax specification uses the augmented Backus-Naur
Form (BNF) notation as specified in [ABNF]. Non-terminals referenced Form (BNF) notation as specified in [ABNF]. Non-terminals referenced
but not defined below are as defined by [UTF-8]. but not defined below are as defined by [UTF-8].
The "extern-resp" rule below defines the message sent from client to The "extern-resp" rule below defines the message sent from client to
Internet DRAFT SASL 25 October 2004
server. server.
extern-resp = *( UTF8-char-no-nul ) extern-resp = *( UTF8-char-no-nul )
Internet DRAFT SASL 28 June 2004
UTF8-char-no-nul = UTF8-1-no-nul / UTF8-2 / UTF8-3 / UTF8-4 UTF8-char-no-nul = UTF8-1-no-nul / UTF8-2 / UTF8-3 / UTF8-4
UTF8-1-no-nul = %x01-7F UTF8-1-no-nul = %x01-7F
7.2. Examples of SASL EXTERNAL 7.2. Examples of SASL EXTERNAL
The following is an example of an EXTERNAL authentication in the SMTP The following is an example of an EXTERNAL authentication in the SMTP
protocol [SMTP]. In this example, the client is proxy authenticating, protocol [SMTP]. In this example, the client is proxy authenticating,
sending the authorization identity "fred" using in the (optional) sending the authorization identity "fred@example.com" in the
initial response. The server has obtained the client's (optional) initial response. The server has obtained the client's
(authentication) identity from an external service, such as IPsec, (authentication) identity from an external service, such as IPsec,
and has a security policy that permits that identity to assume the and has a security policy that permits that identity to assume the
identity of the asserted authorization identity. identity of the asserted authorization identity.
To the protocol profile, the four octet sequence "fred" is an opaque To the protocol profile, the sequence "fred@example.com" is an opaque
binary data. The SASL protocol profile for SMTP [SMTP-AUTH] specifies binary data. The SASL protocol profile for SMTP [SMTP-AUTH] specifies
that server challenges and client responses are encoded in BASE64 that server challenges and client responses are encoded in BASE64
[BASE64, section 3]; the BASE64 encoding of "fred" is "ZnJlZA==". [BASE64, section 3]; the BASE64 encoding of "fred@example.com" is
"ZnJlZEBleGFtcGxlLmNvbQ==".
S: 220 smtp.example.com ESMTP server ready S: 220 smtp.example.com ESMTP server ready
C: EHLO jgm.example.com C: EHLO jgm.example.com
S: 250-smtp.example.com S: 250-smtp.example.com
S: 250 AUTH DIGEST-MD5 EXTERNAL S: 250 AUTH DIGEST-MD5 EXTERNAL
C: AUTH EXTERNAL ZnJlZA== C: AUTH EXTERNAL ZnJlZEBleGFtcGxlLmNvbQ==
S: 235 Authentication successful. S: 235 Authentication successful.
The following example is almost identical to the one above, but the The following example is almost identical to the one above, but the
client doesn't request proxy authentication. client doesn't request proxy authentication.
S: 220 smtp.example.com ESMTP server ready S: 220 smtp.example.com ESMTP server ready
C: EHLO jgm.example.com C: EHLO jgm.example.com
S: 250-smtp.example.com S: 250-smtp.example.com
S: 250 AUTH DIGEST-MD5 EXTERNAL S: 250 AUTH DIGEST-MD5 EXTERNAL
C: AUTH EXTERNAL C: AUTH EXTERNAL
S: 235 Authentication successful. S: 235 Authentication successful.
The following is an example of an EXTERNAL authentication in the The following is an example of an EXTERNAL authentication in the
IMAP4 protocol [IMAP]. IMAP4 doesn't support the initial response IMAP4 protocol [IMAP]. IMAP4 doesn't support the initial response
feature of SASL. As in the previous example, the client doesn't feature of SASL. As in the previous example, the client doesn't
request proxy authentication. request proxy authentication.
S: * OK IMAP4rev1 Server S: * OK IMAP4rev1 Server
Internet DRAFT SASL 25 October 2004
C: C01 CAPABILITY C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=DIGEST-MD5 AUTH=EXTERNAL S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=DIGEST-MD5 AUTH=EXTERNAL
[...] [...]
C: A01 AUTHENTICATE EXTERNAL C: A01 AUTHENTICATE EXTERNAL
(note that there is a space following the "+" in the following line) (note that there is a space following the "+" in the following line)
Internet DRAFT SASL 28 June 2004
S: + S: +
C: C:
S: A01 OK Success S: A01 OK Success
8. IANA Considerations 8. IANA Considerations
8.1. Guidelines for IANA 8.1. Guidelines for IANA
It is requested that IANA updates the SASL mechanisms registry as It is requested that IANA updates the SASL mechanisms registry as
follows: follows:
skipping to change at page 17, line 40 skipping to change at page 18, line 45
<http://www.iana.org/assignments/sasl-mechanisms>. <http://www.iana.org/assignments/sasl-mechanisms>.
There is no naming convention for SASL mechanisms; any name that There is no naming convention for SASL mechanisms; any name that
conforms to the syntax of a SASL mechanism name can be registered. conforms to the syntax of a SASL mechanism name can be registered.
However an IETF Standards Track document may reserve a portion of the However an IETF Standards Track document may reserve a portion of the
SASL mechanism namespace ("family of SASL mechanisms") for its own SASL mechanism namespace ("family of SASL mechanisms") for its own
use, amending the registration rules for that portion of the use, amending the registration rules for that portion of the
namespace. Each family of SASL mechanisms MUST be identified by a namespace. Each family of SASL mechanisms MUST be identified by a
prefix. prefix.
While the registration procedures do not require it, authors of SASL While the registration procedures do not require expert review,
mechanisms are encouraged to seek community review and comment authors of SASL mechanisms are encouraged to seek community review
whenever that is feasible. Authors may seek community review by and comment whenever that is feasible. Authors may seek community
posting a specification of their proposed mechanism as an Internet- review by posting a specification of their proposed mechanism as an
Draft. SASL mechanisms intended for widespread use should be Internet-Draft. SASL mechanisms intended for widespread use should
standardized through the normal IETF process, when appropriate.
Internet DRAFT SASL 28 June 2004 Internet DRAFT SASL 25 October 2004
be standardized through the normal IETF process, when appropriate.
8.3. Comments on SASL mechanism registrations 8.3. Comments on SASL mechanism registrations
Comments on registered SASL mechanisms should first be sent to the Comments on registered SASL mechanisms should first be sent to the
"owner" of the mechanism and/or to the SASL WG mailing list. "owner" of the mechanism and/or to the SASL WG mailing list.
Submitters of comments may, after a reasonable attempt to contact the Submitters of comments may, after a reasonable attempt to contact the
owner, request IANA to attach their comment to the SASL mechanism owner, request IANA to attach their comment to the SASL mechanism
registration itself. If IANA approves of this, the comment will be registration itself. If IANA approves of this, the comment will be
made accessible in conjunction with the SASL mechanism registration made accessible in conjunction with the SASL mechanism registration
itself. itself.
skipping to change at page 18, line 53 skipping to change at page 20, line 5
Subject: Registration of SASL mechanism X Subject: Registration of SASL mechanism X
Family of SASL mechanisms: (YES or NO) Family of SASL mechanisms: (YES or NO)
SASL mechanism name (or prefix for the family): SASL mechanism name (or prefix for the family):
Security considerations: Security considerations:
Published specification (optional, recommended): Published specification (optional, recommended):
Person & email address to contact for further information: Internet DRAFT SASL 25 October 2004
Internet DRAFT SASL 28 June 2004 Person & email address to contact for further information:
Intended usage: Intended usage:
(One of COMMON, LIMITED USE or OBSOLETE) (One of COMMON, LIMITED USE or OBSOLETE)
Owner/Change controller: Owner/Change controller:
(Any other information that the author deems interesting may be (Any other information that the author deems interesting may be
added below this line.) added below this line.)
skipping to change at page 19, line 51 skipping to change at page 21, line 4
9. Security considerations 9. Security considerations
Security issues are discussed throughout this memo. Security issues are discussed throughout this memo.
When the client selects a security layer with at least integrity When the client selects a security layer with at least integrity
protection, this protects against an active attacker hijacking the protection, this protects against an active attacker hijacking the
connection and modifying the authentication exchange to negotiate a connection and modifying the authentication exchange to negotiate a
plaintext connection. plaintext connection.
When a server or client supports multiple authentication mechanisms, When a server or client supports multiple authentication mechanisms,
each of which has a different security strength, it is possible for
an active attacker to cause a party to use the least secure mechanism
Internet DRAFT SASL 28 June 2004 Internet DRAFT SASL 25 October 2004
each of which has a different security strength, it is possible for
an active attacker to cause a party to use the least secure mechanism
supported. To protect against this sort of attack, a client or supported. To protect against this sort of attack, a client or
server which supports mechanisms of different strengths should have a server which supports mechanisms of different strengths should have a
configurable minimum strength that it will use. It is not sufficient configurable minimum strength that it will use. It is not sufficient
for this minimum strength check to only be on the server, since an for this minimum strength check to only be on the server, since an
active attacker can change which mechanisms the client sees as being active attacker can change which mechanisms the client sees as being
supported, causing the client to send authentication credentials for supported, causing the client to send authentication credentials for
its weakest supported mechanism. its weakest supported mechanism.
The client's selection of a SASL mechanism is done in the clear and The client's selection of a SASL mechanism is done in the clear and
may be modified by an active attacker. It is important for any new may be modified by an active attacker. It is important for any new
skipping to change at page 20, line 43 skipping to change at page 21, line 45
attack. attack.
Any protocol interactions prior to authentication are performed in Any protocol interactions prior to authentication are performed in
the clear and may be modified by an active attacker. In the case the clear and may be modified by an active attacker. In the case
where a client selects integrity protection, it is important that any where a client selects integrity protection, it is important that any
security-sensitive protocol negotiations be performed after security-sensitive protocol negotiations be performed after
authentication is complete. Protocols should be designed such that authentication is complete. Protocols should be designed such that
negotiations performed prior to authentication should be either negotiations performed prior to authentication should be either
ignored or revalidated once authentication is complete. ignored or revalidated once authentication is complete.
Clients should be admonished to validate TLS server IDs to prevent
MITM attacks when using SASL-over-TLS. The same recommendation
applies to other protocols providing security services.
When use of a security layer is negotiated by the authentication When use of a security layer is negotiated by the authentication
protocol exchange, the receiver should handle gracefully any protocol exchange, the receiver should handle gracefully any
protected data buffer larger than the defined/negotiated maximal protected data buffer larger than the defined/negotiated maximal
size. In particular, it must not blindly allocate the amount of size. In particular, it must not blindly allocate the amount of
memory specified in the buffer size field, as this might cause the memory specified in the buffer size field, as this might cause the
"out of memory" condition. If the receiver detects a large block, it "out of memory" condition. If the receiver detects a large block, it
Internet DRAFT SASL 25 October 2004
SHOULD close the connection. SHOULD close the connection.
Distributed server implementations need to be careful in how they Distributed server implementations need to be careful in how they
trust other parties. In particular, authentication secrets should trust other parties. In particular, authentication secrets should
only be disclosed to other parties that are trusted to manage and use only be disclosed to other parties that are trusted to manage and use
those secrets in manner acceptable to disclosing party. Applications those secrets in manner acceptable to disclosing party. Applications
Internet DRAFT SASL 28 June 2004
using SASL assume that SASL security layers providing data using SASL assume that SASL security layers providing data
confidentiality are secure even when an attacker chooses the text to confidentiality are secure even when an attacker chooses the text to
be protected by the security layer. Similarly applications assume be protected by the security layer. Similarly applications assume
that the SASL security layer is secure even if the attacker can that the SASL security layer is secure even if the attacker can
manipulate the ciphertext output of the security layer. New SASL manipulate the ciphertext output of the security layer. New SASL
mechanisms MUST meet these assumptions. mechanisms MUST meet these assumptions.
"stringprep" and Unicode security considerations apply to "stringprep" and Unicode security considerations apply to
authentication identities, authorization identities and passwords. authentication identities, authorization identities and passwords.
The EXTERNAL mechanism provides no security protection; it is The EXTERNAL mechanism provides no security protection; it is
vulnerable to spoofing by either client or server, active attack, and vulnerable to spoofing by either client or server, active attack, and
eavesdropping. It should only be used when external security eavesdropping. It should only be used when external security
mechanisms are present and have sufficient strength. mechanisms are present and have sufficient strength.
9.1. Re-keying
The secure or administratively permitted lifetimes of SASL
mechanisms' security layers are finite. Cryptographic keys weaken as
they are used and as time passes; the more time and/or ciphertext
that a cryptanalyst has after the first use of the a key, the easier
it is for the cryptanalyst to mount attacks on the key.
Administrative limits on security layers lifetime may take the form
of time limits expressed in x.509 certificates, Kerberos V tickets,
or in directories, and are often desired. <<In practice one likely
effect of administrative security layers lifetime limits is that
applications may find that security layers stop working in the middle
of application protocol operation, such as, perhaps, during large
data transfers. As the result of this the connection will be closed
(see section 3.3), which will result in unpleasant user experience.>>
Re-keying (key renegotiation process) is a<<>> way of addressing the
weakening of cryptographic keys. SASL framework does not provide for
re-keying. SASL mechanisms may; all future SASL mechanisms that
provide security layers should provide for re-keying.
Applications that wish to re-key SASL security layers where the
mechanism does not provide for re-keying should reauthenticate the
same IDs and replace the expired or soon-to-expire security layers.
Internet DRAFT SASL 25 October 2004
This approach requires support for re-keying in the application
protocols. See section 6.3.
10. References 10. References
10.1. Normative References 10.1. Normative References
[ABNF] Crocker, D. (Ed.), Overell, P., "Augmented BNF for Syntax [ABNF] Crocker, D. (Ed.), Overell, P., "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997 Specifications: ABNF", RFC 2234, November 1997
[ASCII] American National Standards Institute, "Code Extension [ASCII] American National Standards Institute, "Code Extension
Techniques for Use with the 7-bit Coded Character Set of American Techniques for Use with the 7-bit Coded Character Set of American
National Standard Code (ASCII) for Information Interchange", FIPS PUB National Standard Code (ASCII) for Information Interchange", FIPS PUB
skipping to change at page 22, line 5 skipping to change at page 23, line 44
"Unicode Standard Annex #27: Unicode 3.1" "Unicode Standard Annex #27: Unicode 3.1"
(http://www.unicode.org/reports/tr27/) and by the "Unicode Standard (http://www.unicode.org/reports/tr27/) and by the "Unicode Standard
Annex #28: Unicode 3.2" (http://www.unicode.org/reports/tr28/). Annex #28: Unicode 3.2" (http://www.unicode.org/reports/tr28/).
[Stringprep] Hoffman, P., Blanchet, M., "Preparation of [Stringprep] Hoffman, P., Blanchet, M., "Preparation of
Internationalized Strings ("stringprep")", RFC 3454, December 2002. Internationalized Strings ("stringprep")", RFC 3454, December 2002.
[SASLprep] Zeilenga, K., "SASLprep: Stringprep profile for user names [SASLprep] Zeilenga, K., "SASLprep: Stringprep profile for user names
and passwords", Work in progress, draft-ietf-sasl-saslprep-XX.txt. and passwords", Work in progress, draft-ietf-sasl-saslprep-XX.txt.
Internet DRAFT SASL 28 June 2004
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 3629, STD 63, November 2003. RFC 3629, STD 63, November 2003.
10.2. Informative References 10.2. Informative References
[SASL-GSSAPI] Melnikov, A., "SASL GSSAPI mechanisms", work in [SASL-GSSAPI] Melnikov, A., "SASL GSSAPI mechanisms", work in
progress, draft-ietf-sasl-gssapi-XX.txt, November 2003 progress, draft-ietf-sasl-gssapi-XX.txt, November 2003
[SASL-DIGEST] Leach, P., Newman, C., Melnikov, A., "Using Digest [SASL-DIGEST] Leach, P., Newman, C., Melnikov, A., "Using Digest
Internet DRAFT SASL 25 October 2004
Authentication as a SASL Mechanism", work in progress, draft-ietf- Authentication as a SASL Mechanism", work in progress, draft-ietf-
sasl-rfc2831bis-XX.txt, replaces RFC 2831 sasl-rfc2831bis-XX.txt, replaces RFC 2831
[SASL-OTP] Newman, C., "The One-Time-Password SASL Mechanism", RFC [SASL-OTP] Newman, C., "The One-Time-Password SASL Mechanism", RFC
2444, October 1998. 2444, October 1998.
[SASL-SECURID] Nystrom, M., "The SecurID(r) SASL Mechanism", RFC [SASL-SECURID] Nystrom, M., "The SecurID(r) SASL Mechanism", RFC
2808, April 2000. 2808, April 2000.
[SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April
skipping to change at page 23, line 4 skipping to change at page 24, line 45
[IANA-SASL] IANA, "SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL) [IANA-SASL] IANA, "SIMPLE AUTHENTICATION AND SECURITY LAYER (SASL)
MECHANISMS", http://www.iana.org/assignments/sasl-mechanisms. MECHANISMS", http://www.iana.org/assignments/sasl-mechanisms.
[TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC
2246, January 1999. 2246, January 1999.
[IPSec] Kent, S., and R. Atkinson, "Security Architecture for the [IPSec] Kent, S., and R. Atkinson, "Security Architecture for the
Internet Protocol", RFC 2401, November 1998. Internet Protocol", RFC 2401, November 1998.
[Sec-Glossary] Shirey, R., "Internet Security Glossary", RFC 2828, [Sec-Glossary] Shirey, R., "Internet Security Glossary", RFC 2828,
Internet DRAFT SASL 28 June 2004
May 2000. May 2000.
11. Editor's Address 11. Editor's Address
Alexey Melnikov Alexey Melnikov
Isode Limited Isode Limited
5 Castle Business Village 5 Castle Business Village
36 Station Road 36 Station Road
Hampton, Middlesex, Hampton, Middlesex,
Internet DRAFT SASL 25 October 2004
TW12 2BX, United Kingdom TW12 2BX, United Kingdom
Email: Alexey.Melnikov@isode.com Email: Alexey.Melnikov@isode.com
URI: http://www.melnikov.ca/ URI: http://www.melnikov.ca/
12. Acknowledgments 12. Acknowledgments
This document is a revision of RFC 2222 written by John G. Myers. He This document is a revision of RFC 2222 written by John G. Myers. He
also contributed significantly to this revision. also contributed significantly to this revision.
Contributions of many members of the SASL mailing list are gratefully Contributions of many members of the SASL mailing list are gratefully
acknowledged, in particular Kurt Zeilenga, Peter Saint-Andre, Rob acknowledged, in particular that of Kurt Zeilenga, Peter Saint-Andre,
Siemborski, Magnus Nystrom, Jeffrey Hutzelman, Hallvard B Furuseth, Rob Siemborski, Magnus Nystrom, Jeffrey Hutzelman, Hallvard B
Tony Hansen, Simon Josefsson, Abhijit Menon-Sen, RL 'Bob' Morgan, Sam Furuseth, Tony Hansen, Simon Josefsson, Abhijit Menon-Sen, RL 'Bob'
Hartman, Tim Alsop and Luke Howard for proofreading the document and Morgan, Sam Hartman, Nicolas Williams, Tim Alsop and Luke Howard.
various editorial suggestions.
13. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
Internet DRAFT SASL 28 June 2004
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
14. Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Appendix A. Relation of SASL to transport security Appendix A. Relation of SASL to transport security
Questions have been raised about the relationship between SASL and Questions have been raised about the relationship between SASL and
various services (such as IPsec and TLS) which provide a secured various services (such as IPsec and TLS) which provide a secured
connection. connection.
Two of the key features of SASL are: Two of the key features of SASL are:
Internet DRAFT SASL 28 June 2004
The separation of the authorization identity from the identity in The separation of the authorization identity from the identity in
the client's credentials. This permits agents such as proxy the client's credentials. This permits agents such as proxy
servers to authenticate using their own credentials, yet request servers to authenticate using their own credentials, yet request
the access privileges of the identity for which they are proxying. the access privileges of the identity for which they are proxying.
Upon successful completion of an authentication exchange, the Upon successful completion of an authentication exchange, the
server knows the authorization identity the client wishes to use. server knows the authorization identity the client wishes to use.
This allows servers to move to a "user is authenticated" state in This allows servers to move to a "user is authenticated" state in
the protocol. the protocol.
skipping to change at page 25, line 31 skipping to change at page 26, line 5
framing of SASL and some method of providing these important SASL framing of SASL and some method of providing these important SASL
features would have to be devised. features would have to be devised.
Sometimes it is desired to enable within an existing connection the Sometimes it is desired to enable within an existing connection the
use of a security service which does not fit the SASL model. (TLS is use of a security service which does not fit the SASL model. (TLS is
an example of such a service.) This can be done by adding a command, an example of such a service.) This can be done by adding a command,
for example "STARTTLS", to the protocol. Such a command is outside for example "STARTTLS", to the protocol. Such a command is outside
the scope of SASL, and should be different from the command which the scope of SASL, and should be different from the command which
starts a SASL authentication protocol exchange. starts a SASL authentication protocol exchange.
Internet DRAFT SASL 25 October 2004
In certain situations, it is reasonable to use SASL underneath one of In certain situations, it is reasonable to use SASL underneath one of
these Transport Security services. The transport service would these Transport Security services. The transport service would
secure the connection, either service would authenticate the client, secure the connection, either service would authenticate the client,
and SASL would negotiate the authorization identity. The SASL and SASL would negotiate the authorization identity. The SASL
negotiation would be what moves the protocol from "unauthenticated" negotiation would be what moves the protocol from "unauthenticated"
to "authenticated" state. The "EXTERNAL" SASL mechanism is to "authenticated" state. The "EXTERNAL" SASL mechanism is
explicitly intended to handle the case where the transport service explicitly intended to handle the case where the transport service
secures the connection and authenticates the client and SASL secures the connection and authenticates the client and SASL
negotiates the authorization identity. negotiates the authorization identity.
Appendix B. Relationship to other documents Appendix B. Changes since RFC 2222
This document obsoletes RFC 2222. It replaces all portions of RFC
2222 excepting sections 7.1 (Kerberos version 4 mechanism), 7.2
(GSSAPI mechanism), 7.3 (S/Key mechanism). The Kerberos version 4
(KERBEROS_IV) and S/Key (SKEY) mechanisms are now viewed as obsolete.
The GSSAPI mechanism is now separately specified [SASL-GSSAPI].
Appendix C. Changes since RFC 2222
The GSSAPI mechanism was removed. It is now specified in a separate The GSSAPI mechanism was removed. It is now specified in a separate
document [SASL-GSSAPI]. document [SASL-GSSAPI].
The "KERBEROS_V4" mechanism defined in RFC 2222 is obsolete and has The "KERBEROS_V4" mechanism defined in RFC 2222 is obsolete and has
Internet DRAFT SASL 28 June 2004
been removed. been removed.
The "SKEY" mechanism described in RFC 2222 is obsolete and has been The "SKEY" mechanism described in RFC 2222 is obsolete and has been
removed. It has been replaced by the OTP mechanism [SASL-OTP]. removed. It has been replaced by the OTP mechanism [SASL-OTP].
The introduction has been substantially reorganized and clarified. The introduction has been substantially reorganized and clarified.
Clarified the definition and semantics of the authorization identity. Clarified the definition and semantics of the authorization identity.
Prohibited the NUL character in authorization identities. Prohibited the NUL character in authorization identities.
skipping to change at page 26, line 39 skipping to change at page 27, line 5
in the base SASL spec. in the base SASL spec.
Added a requirement discouraging protocol profiles from breaking the Added a requirement discouraging protocol profiles from breaking the
separation between protocol and mechanism. separation between protocol and mechanism.
Mentioned that standards track documents may carve out their own Mentioned that standards track documents may carve out their own
portions of the SASL mechanism namespace and may amend registration portions of the SASL mechanism namespace and may amend registration
rules for the portion. However registration of individual SASL rules for the portion. However registration of individual SASL
mechanisms is still required. mechanisms is still required.
Internet DRAFT SASL 25 October 2004
Clarified that authorization identity should be encoded in UTF-8.
Specified that the authorization identity in the EXTERNAL mechanism Specified that the authorization identity in the EXTERNAL mechanism
is encoded in UTF-8. is encoded in UTF-8.
Added a statement that a protocol profile SHOULD allow challenge data Added a statement that a protocol profile SHOULD allow challenge data
to be sent with a success indication. to be sent with a success indication.
Added a security consideration for the EXTERNAL mechanism. Added a security consideration for the EXTERNAL mechanism.
Clarified sections concerning success with additional data. Clarified sections concerning success with additional data.
Cleaned up IANA considerations/registrations and assembled them in Cleaned up IANA considerations/registrations and assembled them in
one place. one place.
Updated references and split them into Informative and Normative. Updated references and split them into Informative and Normative.
Added text to the Security Considerations section regarding handling Added text to the Security considerations section regarding handling
Internet DRAFT SASL 28 June 2004
of extremely large SASL blocks. of extremely large SASL blocks.
Replaced UTF-8 ABNF with the reference to the UTF-8 document.
Added text about SASLprep for authentication identities and Added text about SASLprep for authentication identities and
passwords. Described where SASLprep preparation should take place. passwords. Described where SASLprep preparation should take place.
Added paragraph about verifying authorization identities. Added paragraph about verifying authorization identities.
Added a protocol profile requirement to specify interaction between Added a protocol profile requirement to specify interaction between
SASL and TLS security layers. SASL and TLS security layers.
Added a protocol profile requirement to specify if it supports Added a protocol profile requirement to specify if it supports
reauthentication. reauthentication.
Removed the text that seemed to suggest that SASL security layer must Removed the text that seemed to suggest that SASL security layer must
not be used when TLS is available. not be used when TLS is available.
Created two subsections in 3.2 to talk separately about proxy Created two subsections in 3.2 to talk separately about proxy
authorization and format of the authorization identities. authorization and format of the authorization identities.
Made requirement to verify that an authorization identity is correct Made requirement to verify that an authorization identity is correct
by performing SASLprep a SHOULD, instead of a MUST. by performing SASLprep.
Clarified that each SASL mechanism must decide where SASLprep is Clarified that each SASL mechanism must decide where SASLprep is
taking place. taking place.
Added 4 new examples for initial response and additional data with Added 4 new examples for initial response and additional data with
success. success.
Added text on checking the list of available SASL mechanisms after Added text on checking the list of available SASL mechanisms after
negotiating a security layer. negotiating a security layer.
Internet DRAFT SASL 25 October 2004
Added definition of "integrity protection" and "confidentiality Added definition of "integrity protection" and "confidentiality
protection". protection".
Added warning about negotiating no layer once a security layer is Added warning about negotiating no layer once a security layer is
negotiated. negotiated.
Added new section with guidelines to a SASL mechanism designer. Added new section with guidelines to a SASL mechanism designer.
Added a requirement to specify how an empty initial challenge is Added a requirement to specify how an empty initial challenge is
encoded if initial response is supported by a protocol. encoded if initial response is supported by a protocol.
Clarified that empty "additional data with success" is not allowed. Clarified that empty "additional data with success" is not allowed.
Replaced "buffers of security encoded data" with "buffers of Replaced "buffers of cipher-text" with "buffers of protected data"
protected data" for clarity. for clarity.
Internet DRAFT SASL 28 June 2004
Clarified that SASL EXTERNAL can be used even with SASL profiles that Clarified that SASL EXTERNAL can be used even with SASL profiles that
don't support initial data with success. don't support initial client response.
Internet DRAFT SASL 28 June 2004 Changed "authentication protocol exchange" to "authentication
exchange" everywhere.
Status of this Memo .......................................... i Appendix C. Full Copyright Statement and Intellectual Property Statement
Abstract ..................................................... 2
1. Conventions used in this document ........................ 2 Full Copyright Statement
2. Introduction ........................................... 2
3. Authentication mechanisms .............................. 4 Copyright (C) The Internet Society (2004). This document is subject
3.1. Authentication protocol exchange ....................... 5 to the rights, licenses and restrictions contained in BCP 78, and
3.2. Authorization and authentication identities ............ 6 except as set forth therein, the authors retain all their rights.
3.2.1. Authorization identities and proxy authentication .... 6
3.2.2. Authorization Identity Format ........................ 7 This document and translations of it may be copied and furnished to
3.3. Security layers ........................................ 7 others, and derivative works that comment on or otherwise explain it
4. Protocol profile requirements .......................... 8 or assist in its implementation may be prepared, copied, published
5. Mechanism profile guidelines .......................... 10 and distributed, in whole or in part, without restriction of any
6. Specific issues ....................................... 11 kind, provided that the above copyright notice and this paragraph are
6.1. Client sends data first ............................... 11 included on all such copies and derivative works. However, this
6.1.1. Client sends data first examples .................... 11 document itself may not be modified in any way, such as by removing
6.2. Server returns success with additional data ........... 12 the copyright notice or references to the Internet Society or other
6.2.1. Server returns success with additional data examples 13 Internet organizations, except as needed for the purpose of
6.3. Multiple authentications .............................. 14 developing Internet standards in which case the procedures for
7. The EXTERNAL mechanism ................................ 15 copyrights defined in the Internet Standards process must be
7.1. Formal syntax ......................................... 15 followed, or as required to translate it into languages other than
7.2. Examples of SASL EXTERNAL ............................. 16 English.
8. IANA Considerations ................................... 17
8.1. Guidelines for IANA ................................... 17 The limited permissions granted above are perpetual and will not be
8.2. Registration procedure ................................ 17 revoked by the Internet Society or its successors or assigns.
8.3. Comments on SASL mechanism registrations .............. 18
8.4. Change control ........................................ 18 Internet DRAFT SASL 25 October 2004
8.5. Registration template ................................. 18
8.6. The EXTERNAL mechanism registration ................... 19 This document and the information contained herein are provided on an
9. Security considerations ................................ 19 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
10. References ........................................... 21 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
10.1. Normative References ................................. 21 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
10.2. Informative References ............................... 22 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
11. Editor's Address ...................................... 23 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
12. Acknowledgments ....................................... 23 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
13. Full Copyright Statement .............................. 23
14. Intellectual Property ................................. 24 Acknowledgement
Appendix A. Relation of SASL to transport security .......... 24
Appendix B. Relationship to other documents ................. 25 Funding for the RFC Editor function is currently provided by the
Appendix C. Changes since RFC 2222 .......................... 25 Internet Society.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Internet DRAFT SASL 25 October 2004
Status of this Memo ..... i
Abstract . 2
1. Conventions used in this document .. 2
2. Introduction . 2
2.1. Relationship to other documents .. 4
3. Authentication mechanisms ... 5
3.1. Authentication Exchange ..... 5
3.2. Identity Concepts . 6
3.2.1. Authorization identities and proxy authentication
..... 7
3.2.2. Authorization Identity Format
..... 8
3.3. Security layers
..... 8
4. Protocol profile requirements
..... 9
5. Mechanism profile guidelines
..... 10
6. Specific issues
..... 12
6.1. Client sends data first
..... 12
6.1.1. Client sends data first examples
..... 12
6.2. Server returns success with additional data ..... 13
6.2.1. Server returns success with additional data examples .... 14
6.3. Multiple authentications .... 15
7. The EXTERNAL mechanism . 16
7.1. Formal syntax ..... 16
7.2. Examples of SASL EXTERNAL ... 17
8. IANA Considerations .... 18
8.1. Guidelines for IANA .... 18
8.2. Registration procedure . 18
8.3. Comments on SASL mechanism registrations ... 19
8.4. Change control .... 19
8.5. Registration template .. 19
8.6. The EXTERNAL mechanism registration ... 20
9. Security considerations . 20
9.1. Re-keying .... 22
10. References .. 23
10.1. Normative References .. 23
10.2. Informative References ..... 23
11. Editor's Address .. 24
12. Acknowledgments ... 25
Appendix A. Relation of SASL to transport security .... 25
Appendix B. Changes since RFC 2222 ..... 26
Appendix C. Full Copyright Statement and Intellectual Property Statement
..... 28
Internet DRAFT SASL 25 October 2004
Full Copyright Statement ..... 28
Intellectual Property ... 29
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/