Network Working Group                                        A. Melnikov
Internet-Draft                                                 Isode Ltd
Intended status: Standards Track                          March 19, 2020
Expires: September 20, 2020


        Extensions to Salted Challenge Response (SCRAM) for 2 factor
                              authentication
                      draft-melnikov-scram-2fa-00

Abstract

   This specification describes an extension to the family of Simple
   Authentication and Security Layer (SASL; RFC 4422) authentication
   mechanisms called the Salted Challenge Response Authentication
   Mechanism (SCRAM), which provides support for 2 factor
   authentication.
Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 20, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions Used in This Document
     2.1.  Terminology
     2.2.  Notation
   3.  SCRAM Extension for 2FA
   4.  Formal Syntax
   5.  Examples
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  Normative References
   Author's Address

1.  Introduction

   SCRAM [RFC5802] is a password-based SASL [RFC4422] authentication
   mechanism that provides (among other things) mutual authentication
   and binding to an external security layer such as TLS.

   Two-factor authentication (2FA) is a way to add additional security
   to an authentication exchange.  The first "factor" is a password.
   The second "factor" is a verification code retrieved from an
   application on a mobile device or computer.  2FA is conceptually
   similar to a security token device that banks in some countries
   require for online banking.  Common forms of such verification codes
   are OTPs (one-time passwords), in particular codes produced by TOTP
   (the Time-based One-Time Password algorithm).

   This specification describes an extension to SCRAM to provide 2
   factor authentication.  SCRAM already relies on passwords for
   authentication.  This document specifies how a second "factor" can
   be incorporated into a SCRAM authentication exchange.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Formal syntax is defined by [RFC5234] including the core rules
   defined in Appendix B of [RFC5234].

   Example lines prefaced by "C:" are sent by the client and ones
   prefaced by "S:" by the server.  If a single "C:" or "S:" label
   applies to multiple lines, then the line breaks between those lines
   are for editorial clarity only, and are not part of the actual
   protocol exchange.

2.1.  Terminology

   This document uses several terms defined in [RFC4949] ("Internet
   Security Glossary") including the following: authentication,
   authentication exchange, authentication information, brute force,
   challenge-response, cryptographic hash function, dictionary attack,
   eavesdropping, hash result, keyed hash, man-in-the-middle, nonce,
   one-way encryption function, password, replay attack and salt.
   Readers not familiar with these terms should use that glossary as a
   reference.  Other terms defined in [RFC5802] are also used in this
   document.

2.2.  Notation

   This document reuses notation defined in SCRAM [RFC5802].

3.  SCRAM Extension for 2FA

   This extension doesn't add any extra round trips to SCRAM
   authentication.  SCRAM was designed to be extensible: it allows for
   optional and mandatory attributes in its messages, and every
   attribute of the client-final-message-without-proof is covered by
   the ClientProof and the ServerSignature, because both are computed
   over AuthMessage (Section 3 of [RFC5802]).  Second "factors" are
   conveyed in the second message sent from the client to the server,
   so they are integrity protected in the same way as the other
   attributes of that message.

   This extension doesn't change how the client authenticates the
   server.

   The server authenticates the client after receiving the second
   message as described in Section 3 of [RFC5802].  If the client
   included the "type" ("t") and "second-factor" ("f") attributes (see
   Section 4) and the server supports the specified second factor type,
   the server verifies the content of the "second-factor" attribute
   according to the "type".  If the second factor verification fails,
   the server MUST fail authentication and SHOULD return the "second-
   factor-failed" error in the "e" attribute.  [[It would be possible
   to make the extra attributes mandatory by using SCRAM's "m=", but
   the text above doesn't do that.]]

4.  Formal Syntax

   This document defines the following SCRAM attributes:

   o  t: This attribute specifies the type of second factor.  (Create
      IANA registry for these?)  This document defines one type: "otp".
      If this attribute is specified, the "f" attribute MUST also be
      specified.
   o  f: This attribute specifies the value of the second factor.  For
      "t=otp" it is a 6-digit decimal number.  This attribute MUST be
      ignored unless the "t" attribute is also specified.

   The following syntax specification uses the Augmented Backus-Naur
   Form (ABNF) notation as specified in [RFC5234].

      type = "t=" type-value
             ; Complies with "attr-val" syntax.
      type-value = "otp" / value
             ; Type of second factor.
             ; Should be registered with IANA.
      second-factor = "f=" second-factor-value
             ; Complies with "attr-val" syntax.
      second-factor-value = 6DIGIT / value

      server-error-value-ext =
             "second-factor-failed" /
             "second-factor-value-missing"

      value =

5.  Examples

   The following example extends the example from Section 5 of
   [RFC5802]:

   C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
   S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,
      i=4096
   C: c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,
      t=otp,f=776804,
      p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=
   S: v=lz59pqV8S7suAoZWja4dJRkFsKQ=

   [[Note that the "p" value above is the one from the [RFC5802]
   example, whose client-final-message carries no "t" and "f"
   attributes.  Because AuthMessage includes client-final-message-
   without-proof, an exchange that actually includes these attributes
   produces different "p" and "v" values; the example illustrates the
   message layout only.]]

6.  Security Considerations

   TBD

7.  IANA Considerations

   TBD.  Possibly create a new registry of second factor types.

8.  Acknowledgements

   Thank you to Stephen Farrell for motivating creation of this
   document.

9.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4422]  Melnikov, A., Ed. and K. Zeilenga, Ed., "Simple
              Authentication and Security Layer (SASL)", RFC 4422,
              DOI 10.17487/RFC4422, June 2006.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234,
              DOI 10.17487/RFC5234, January 2008.
   [RFC5802]  Newman, C., Menon-Sen, A., Melnikov, A., and N. Williams,
              "Salted Challenge Response Authentication Mechanism
              (SCRAM) SASL and GSS-API Mechanisms", RFC 5802,
              DOI 10.17487/RFC5802, July 2010.

Author's Address

   Alexey Melnikov
   Isode Ltd

   Email: Alexey.Melnikov@isode.com
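   The exchange of Section 5 carried through with real values, as an
   added example by the editor of this page; it is not code from the
   draft or from RFC 5802.  It assumes the password "pencil" together
   with the nonces, salt and iteration count of the RFC 5802 Section 5
   example, and it assumes a per-user OTP the server already knows (a
   plain string here; the value 776804 is constructed, not derived from
   any real TOTP secret).  Run without a second factor it reproduces the
   RFC 5802 client proof; with "t=otp,f=776804" it shows the proof
   changing because AuthMessage now covers the new attributes, and the
   server checking the OTP only after the proof has verified.  The other
   cases exercise the "f without t is ignored" rule of Section 4 and the
   "second-factor-value-missing" and "second-factor-failed" errors.

```python
"""SCRAM-SHA-1 exchange carrying the draft's "t=" / "f=" attributes.

Added example, not code from the draft or RFC 5802.  Assumes the password
"pencil" and the nonces, salt and iteration count of the RFC 5802 Section 5
example; the server-side OTP is a plain string (hypothetical store) and the
value 776804 is constructed, not derived from any real TOTP secret.
"""
import base64, hashlib, hmac

def hi(password, salt, iterations):
    # Hi() from RFC 5802 Section 2.2 is PBKDF2 with dkLen = hash length (20 for SHA-1)
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, 20)

def h(data): return hashlib.sha1(data).digest()
def hmac_sha1(key, msg): return hmac.new(key, msg, hashlib.sha1).digest()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def b64(data): return base64.b64encode(data).decode()

def parse_attrs(msg):
    # One-letter attributes separated by commas; split on the first "=" only so
    # base64 padding in r=/s=/p=/v= values survives.
    return {k: v for k, _, v in (item.partition("=") for item in msg.split(","))}

def enroll(password, salt, iterations):
    # What the server stores instead of the password: (StoredKey, ServerKey).
    salted = hi(password, salt, iterations)
    return h(hmac_sha1(salted, b"Client Key")), hmac_sha1(salted, b"Server Key")

class Client:
    def __init__(self, user, password, nonce, second_factor=None):
        self.bare = f"n={user},r={nonce}"
        self.password, self.nonce, self.second_factor = password, nonce, second_factor

    def first(self):
        return "n,," + self.bare  # gs2 header: no channel binding, no authzid

    def final(self, server_first):
        attrs = parse_attrs(server_first)
        if not attrs["r"].startswith(self.nonce):
            raise ValueError("server nonce does not extend the client nonce")
        without_proof = f"c=biws,r={attrs['r']}"  # biws = base64("n,,")
        if self.second_factor:
            without_proof += "," + self.second_factor  # e.g. "t=otp,f=776804"
        # AuthMessage includes client-final-message-without-proof, so both the
        # proof and the server's v= value bind the t=/f= attributes.
        self.auth_message = f"{self.bare},{server_first},{without_proof}".encode()
        salted = hi(self.password, base64.b64decode(attrs["s"]), int(attrs["i"]))
        client_key = hmac_sha1(salted, b"Client Key")
        self.server_key = hmac_sha1(salted, b"Server Key")
        proof = xor(client_key, hmac_sha1(h(client_key), self.auth_message))
        return f"{without_proof},p={b64(proof)}"

    def verify_server(self, server_final):
        expected = b64(hmac_sha1(self.server_key, self.auth_message))
        # An e= response carries no v=, so the comparison simply fails.
        return hmac.compare_digest(expected, parse_attrs(server_final).get("v", ""))

class Server:
    def __init__(self, salt, iterations, stored_key, server_key, nonce_suffix, otp):
        self.salt, self.iterations, self.nonce_suffix = salt, iterations, nonce_suffix
        self.stored_key, self.server_key, self.otp = stored_key, server_key, otp

    def first(self, client_first):
        self.bare = client_first[3:]  # strip the "n,," gs2 header
        self.nonce = parse_attrs(self.bare)["r"] + self.nonce_suffix
        self.server_first = f"r={self.nonce},s={b64(self.salt)},i={self.iterations}"
        return self.server_first

    def final(self, client_final):
        attrs = parse_attrs(client_final)
        if "p" not in attrs or attrs.get("r") != self.nonce:
            return "e=invalid-proof"
        without_proof = client_final[: client_final.rfind(",p=")]  # p= is always last
        auth_message = f"{self.bare},{self.server_first},{without_proof}".encode()
        # RFC 5802 Section 3: ClientKey = ClientProof XOR ClientSignature and
        # H(ClientKey) must equal StoredKey.  Checked before the second factor so
        # the OTP is only consulted for a caller who already proved the password.
        client_key = xor(base64.b64decode(attrs["p"]), hmac_sha1(self.stored_key, auth_message))
        if not hmac.compare_digest(h(client_key), self.stored_key):
            return "e=invalid-proof"
        # Draft Sections 3 and 4: f= is ignored unless t= is present; with t=,
        # the value is verified according to the type.
        if "t" in attrs:
            if attrs["t"] != "otp":  # draft leaves unknown types open; fail closed here
                return "e=extensions-not-supported"
            if "f" not in attrs:
                return "e=second-factor-value-missing"
            if not hmac.compare_digest(attrs["f"].encode(), self.otp.encode()):
                return "e=second-factor-failed"
        return "v=" + b64(hmac_sha1(self.server_key, auth_message))

SALT = base64.b64decode("QSXCR+Q6sek8bf92")
STORED_KEY, SERVER_KEY = enroll(b"pencil", SALT, 4096)

def run_exchange(second_factor=None):
    """One full exchange; returns (client_final, server_final, client_accepted_server)."""
    client = Client("user", b"pencil", "fyko+d2lbbFgONRv9qkxdawL", second_factor)
    server = Server(SALT, 4096, STORED_KEY, SERVER_KEY, "3rfcNHYJY1ZVvWVs7j", otp="776804")
    client_final = client.final(server.first(client.first()))
    server_final = server.final(client_final)
    return client_final, server_final, client.verify_server(server_final)
```

   Calling run_exchange(None), run_exchange("t=otp,f=776804"),
   run_exchange("t=otp,f=000000"), run_exchange("f=000000") and
   run_exchange("t=otp") gives the five outcomes; the server's final
   message is the second element of the returned tuple.  Note that the
   OTP check deliberately sits behind the proof check, so a guessing
   attack on the 6-digit code is only available to someone who already
   holds the password, and that each error value returned is one the
   draft or RFC 5802 defines.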