Skip to main content

The Hashed Token SASL Mechanism

Document Type Expired Internet-Draft (individual)
Authors Florian Schmaus , Christoph Egger
Last updated 2020-05-04 (Latest revision 2019-11-01)
Stream (None)
Intended RFC status (None)
Expired & archived
Additional resources GitHub Repository
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies the family of Hashed Token SASL mechanisms which enable a proof-of-possession-based authentication scheme and are meant to be used for quick re-authentication of a previous session. The Hashed Token SASL mechanism's authentication sequence consists of only one round-trip. The usage of short-lived, exclusively ephemeral hashed tokens is achieving the single round- trip property. The SASL mechanism specified herin further provides hash agility, mutual authentication and is secured by channel binding.


Florian Schmaus
Christoph Egger

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)