Simple Authentication and Security Layer (SASL)
RFC 4422

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    sasl mailing list <ietf-sasl@imc.org>, 
    sasl chair <sasl-chairs@tools.ietf.org>
Subject: Protocol Action: 'Simple Authentication and Security 
         Layer (SASL)' to Proposed Standard 

The IESG has approved the following document:

- 'Simple Authentication and Security Layer (SASL)'
   <draft-ietf-sasl-rfc2222bis-16.txt> as a Proposed Standard

This document is the product of the Simple Authentication and Security 
Layer Working Group. 

The IESG contact persons are Sam Hartman and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sasl-rfc2222bis-16.txt

Technical Summary
 
       This document replaces RFC 2222 as the definition of the Simple
       Authentication and Security Layer (SASL), a framework for
       providing authentication and data security services in
       connection-oriented protocols via replaceable mechanisms.  SASL
       provides a structured interface between protocols and
       mechanisms.  The resulting framework allows new protocols to
       reuse existing mechanisms and allows old protocols to make use
       of new mechanisms.  The framework also provides a protocol for
       securing subsequent protocol exchanges within a data security
       layer.  This document also defines one SASL mechanism, the
       EXTERNAL mechanism.

 
Working Group Summary
 
       The document has been through multiple last calls.  The most
       recent last call produced only editorial comments.

 
Protocol Quality
 
       Many people have provided valuable reviews of this
       specification.  This specification was reviewed by Sam Hartman
       for the IESG.


Note to RFC Editor
 
Note to the RFC Editor:

In draft-ietf-sasl-rfc2222bis:

In section 6.1.1, replace:
  Implementations should close the connection 

with
  Implementations SHOULD close the connection


In section 6.1.2, pp 2, replace:
  implementations should not advertise mechanisms and/or
  features which cannot meet their minimum security
  requirements, should not enter into or continue
  authentication exchanges which cannot meet their
  minimum security requirements, and should verify
with:
  implementations SHOULD NOT advertise mechanisms and/or
  features which cannot meet their minimum security
  requirements, SHOULD NOT enter into or continue
  authentication exchanges which cannot meet their
  minimum security requirements, and SHOULD verify

In Section 6.1.2, pp 3, replace:
   the client may discover the SASL mechanisms 

with:
   the client can discover the SASL mechanisms

and replace:
   the client should close

with
   the client SHOULD close

In Section 6.1.5, replace:
   receiver should handle
with:
   receiver SHOULD handle

and replace:
   it must not blindly allocate 

with:
   it MUST NOT blindly allocate

and replace:
   it should close the connection
with
   it SHOULD close the connection

In section 6.3, replace
  Applications that wish
with
  Implementations that wish

and replace
  should reauthenitcate
with:
  SHOULD reauthenticate using