Technical Summary
This document registers the SASL mechanisms SCRAM-SHA-256
and SCRAM-SHA-256-PLUS. It also updates the SCRAM mechanism
registration procedures of RFC 5802, by updating the mailing list
reference and adding a few more requirements.
Working Group Summary
This is an individual submission, but the document had an adequate
number of reviews on the Kitten WG mailing list. It was also
mentioned/discussed in the HTTPAUTH WG.
The document is pretty straigtforward, but one issue resulted
in a longer discussion: tls-unique channel binding is now known to be
broken unless use of draft-ietf-tls-session-hash-06 TLS extension is
negotiated. While ideally the base SCRAM document should have been
updated to mention this, it is useful to mention this issue in this
draft.
Document Quality
This is a pretty simple specification. I (SF) don't know of
implementations.
Personnel
Alexey Melnikov is the document shepherd. Stephen Farrell
is the irresponsible AD.
RFC Editor Note
In the abstract please remove the colon after "registers:" and
s/provdes/provides/