Skip to main content

Extensions to Salted Challenge Response (SCRAM) for 2 factor authentication

Document Type Replaced Internet-Draft (kitten WG)
Expired & archived
Author Alexey Melnikov
Last updated 2022-01-07 (Latest revision 2021-05-24)
Replaced by draft-ietf-kitten-scram-2fa
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-kitten-scram-2fa
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This specification describes an extension to family of Simple Authentication and Security Layer (SASL; RFC 4422) authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM), which provides support for 2 factor authentication. This specification also gives an example of how TOTP (RFC 6238) can be used as the second factor.


Alexey Melnikov

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)