SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
draft-hansen-scram-sha256-04

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms' to Proposed Standard (draft-hansen-scram-sha256-04.txt)

The IESG has approved the following document:
- 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms'
  (draft-hansen-scram-sha256-04.txt) as Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Stephen Farrell.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/

Ballot Text

Technical Summary

   This document registers the SASL mechanisms SCRAM-SHA-256 
   and SCRAM-SHA-256-PLUS. It also updates the SCRAM mechanism 
   registration procedures of RFC 5802, by updating the mailing list 
   reference and adding a few more requirements.

Working Group Summary

   This is an individual submission, but the document had an adequate 
   number of reviews on the Kitten WG mailing list. It was also 
   mentioned/discussed in the HTTPAUTH WG.

   The document is pretty straigtforward, but one issue resulted 
   in a longer discussion:  tls-unique channel binding is now known to be 
   broken unless use of draft-ietf-tls-session-hash-06 TLS extension is 
   negotiated. While ideally the base SCRAM document should have been 
   updated to mention this, it is useful to mention this issue in this 
   draft.

Document Quality

   This is a pretty simple specification. I (SF) don't know of  
   implementations.

Personnel

   Alexey Melnikov is the document shepherd. Stephen Farrell
   is the irresponsible AD.

RFC Editor Note

In the abstract please remove the colon after "registers:" and 
s/provdes/provides/

RFC Editor Note