Simple Authentication and Security Layer (SASL)
RFC 4422

Document type: RFC - Proposed Standard (June 2006; No errata)
Obsoletes RFC 2222
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4422 (Proposed Standard)
Responsible AD: Sam Hartman
Send notices to: tlyu@mit.edu, kurt@openLDAP.org

Network Working Group                                   A. Melnikov, Ed.
Request for Comments: 4422                                 Isode Limited
Obsoletes: 2222                                         K. Zeilenga, Ed.
Category: Standards Track                            OpenLDAP Foundation
                                                               June 2006

            Simple Authentication and Security Layer (SASL)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The Simple Authentication and Security Layer (SASL) is a framework
   for providing authentication and data security services in
   connection-oriented protocols via replaceable mechanisms.  It
   provides a structured interface between protocols and mechanisms.
   The resulting framework allows new protocols to reuse existing
   mechanisms and allows old protocols to make use of new mechanisms.
   The framework also provides a protocol for securing subsequent
   protocol exchanges within a data security layer.

   This document describes how a SASL mechanism is structured, describes
   how protocols include support for SASL, and defines the protocol for
   carrying a data security layer over a connection.  In addition, this
   document defines one SASL mechanism, the EXTERNAL mechanism.

   This document obsoletes RFC 2222.

Melnikov & Zeilenga         Standards Track                     [Page 1]
RFC 4422                          SASL                         June 2006

Table of Contents

   1. Introduction ....................................................3
      1.1. Document Audiences .........................................4
      1.2. Relationship to Other Documents ............................4
      1.3. Conventions ................................................5
   2. Identity Concepts ...............................................5
   3. The Authentication Exchange .....................................6
      3.1. Mechanism Naming ...........................................8
      3.2. Mechanism Negotiation ......................................9
      3.3. Request Authentication Exchange ............................9
      3.4. Challenges and Responses ...................................9
           3.4.1. Authorization Identity String ......................10
      3.5. Aborting Authentication Exchanges .........................10
      3.6. Authentication Outcome ....................................11
      3.7. Security Layers ...........................................12
      3.8. Multiple Authentications ..................................12
   4. Protocol Requirements ..........................................13
   5. Mechanism Requirements .........................................16
   6. Security Considerations ........................................18
      6.1. Active Attacks ............................................19
           6.1.1. Hijack Attacks .....................................19
           6.1.2. Downgrade Attacks ..................................19
           6.1.3. Replay Attacks .....................................20
           6.1.4. Truncation Attacks .................................20
           6.1.5. Other Active Attacks ...............................20
      6.2. Passive Attacks ...........................................20
      6.3. Re-keying .................................................21
      6.4. Other Considerations ......................................21
   7. IANA Considerations ............................................22
      7.1. SASL Mechanism Registry ...................................22
      7.2. Registration Changes ......................................26
   8. References .....................................................26
      8.1. Normative References ......................................26
      8.2. Informative References ....................................27
   9. Acknowledgements ...............................................28
   Appendix A.  The SASL EXTERNAL Mechanism ..........................29
      A.1. EXTERNAL Technical Specification ..........................29
      A.2. SASL EXTERNAL Examples ....................................30
      A.3. Security Considerations ...................................31
   Appendix B.  Changes since RFC 2222 ...............................31
