
A Password-based Authentication Protocol

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Simon Josefsson
Last updated 2007-03-28
RFC stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


There is a lack of a simple, standardized, secure and modern password-based mechanism for user authentication in application protocols. This document specifies a challenge/response protocol that provides password-based authentication services. We describe how the protocol may be used as a GSS-API mechanism and, using the GS2 framework, how it may be used as a SASL mechanism. The protocol supports HMAC-SHA-256 as the mandatory-to-implement algorithm, and it supports channel bindings. The intended use is by application protocols that today use CRAM-MD5 or DIGEST-MD5 via SASL, or by GSS-API applications that need a password-based method. The protocol is applicable to other environments, such as EAP, should the need arise. See <> for more information.


Simon Josefsson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)