SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>
Subject: Protocol Action: 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms' to Proposed Standard (draft-hansen-scram-sha256-04.txt)

The IESG has approved the following document:
- 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms'
  (draft-hansen-scram-sha256-04.txt) as Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:

Technical Summary

   This document registers the SASL mechanisms SCRAM-SHA-256 
   and SCRAM-SHA-256-PLUS. It also updates the SCRAM mechanism 
   registration procedures of RFC 5802, by updating the mailing list 
   reference and adding a few more requirements.

Working Group Summary

   This is an individual submission, but the document had an adequate 
   number of reviews on the Kitten WG mailing list. It was also 
   mentioned/discussed in the HTTPAUTH WG.

   The document is pretty straigtforward, but one issue resulted 
   in a longer discussion:  tls-unique channel binding is now known to be 
   broken unless use of draft-ietf-tls-session-hash-06 TLS extension is 
   negotiated. While ideally the base SCRAM document should have been 
   updated to mention this, it is useful to mention this issue in this 

Document Quality

   This is a pretty simple specification. I (SF) don't know of  


   Alexey Melnikov is the document shepherd. Stephen Farrell
   is the irresponsible AD.

RFC Editor Note

In the abstract please remove the colon after "registers:" and