|
Simple Authentication and Security Layer (sasl)Last Modified: 2009-08-24 Additional information is available at tools.ietf.org/wg/sasl
Chair(s):Security Area Director(s):Security Area Advisor:Mailing Lists:General Discussion: sasl@ietf.orgTo Subscribe: https://www.ietf.org/mailman/listinfo/sasl Archive: http://www.ietf.org/mail-archive/web/sasl/current/maillist.html Description of Working Group:The Simple Authentication and Security Layer [RFC4422] provides keysecurity services to a number of application protocols including BEEP, IMAP, LDAP, POP, and SMTP. The purpose of this working group is to shepherd SASL, including select SASL mechanisms, through the Internet Standards process. This group will work to progress the SASL Technical Specification toward Draft Standard. The group has determined that DIGEST-MD5 [RFC2831] is not suitable for progression on the Standards Track due to interoperability, internationalization, and security concerns. The group will deliver a technical specification for a suitable password-based challenge/ response replacement mechanism for Standard Track consideration. The replacement mechanism is expected to be "better than" DIGEST-MD5 from a number of perspectives including interoperability, internationalization, and security. The replacement mechanism is not expected to (but may) provide a security layer itself, instead relying on security services provided at a lower layer (e.g., TLS) and channel bindings. The WG is expected to strike a consensus-supported balance between the many qualities desired in the replacement. Desired qualities include (but are not limited to) negotiated key hardening iteration count, downgrade attack protection, and mutual authentication. The group intends to consider a number of approaches, including draft-newman-auth-scram and draft-josefsson-password-auth, as input. Additionally, the WG will deliver a document summarizing its DIGEST-MD5 concerns and requesting RFC 2831 be moved to Historic status. This document will be based upon draft-ietf-sasl-digest-to- historic. This group will deliver a revised Technical Specification suitable for publication as Proposed Standard for the GSS-API family of SASL mechanisms. This work will be based upon draft-ietf-sasl-gs2. The group will produce a successor document for the CRAM-MD5 specification, RFC 2195. The outcome can be a Standards Track specification replacing RFC 2195, an Informational document moving RFC 2195 to Historic, or an Informational document that documents existing implementation practice. The following areas are not within the scope of work of this WG: - new features, - SASL Mechanisms not specifically mentioned above, and - SASL "profiles". However, the SASL WG is an acceptable forum for review of SASL-related submissions produced by others as long as such review does not impede progress on the WG objectives listed above. Goals and Milestones:
Internet-Drafts:Using GSS-API Mechanisms in SASL: The GS2 Mechanism Family (47272 bytes)Simple Authentication and Security Layer (SASL) (70977 bytes) SASL And Channel Binding (14713 bytes) Salted Challenge Response (SCRAM) SASL Mechanism (57560 bytes) Request For Comments:SASLprep: Stringprep profile for user names and passwords (RFC 4013) (13051 bytes)Simple Authentication and Security Layer (SASL) (RFC 4422) (73206 bytes) obsoletes RFC 2222 Anonymous Simple Authentication and Security Layer (SASL) Mechanism (RFC 4505) (16599 bytes) obsoletes RFC 2245 The PLAIN Simple Authentication and Security Layer (SASL) Mechanism (RFC 4616) (20270 bytes) updates RFC 2595 The Kerberos V5 ( (RFC 4752) (22133 bytes) obsoletes RFC 2222 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
