Technical Summary
This document replaces RFC 2222 as the definition of the Simple
Authentication and Security Layer (SASL), a framework for
providing authentication and data security services in
connection-oriented protocols via replaceable mechanisms. SASL
provides a structured interface between protocols and
mechanisms. The resulting framework allows new protocols to
reuse existing mechanisms and allows old protocols to make use
of new mechanisms. The framework also provides a protocol for
securing subsequent protocol exchanges within a data security
layer. This document also defines one SASL mechanism, the
EXTERNAL mechanism.

Working Group Summary
The document has been through multiple last calls. The most
recent last call produced only editorial comments.

Protocol Quality
Many people have provided valuable reviews of this
specification. This specification was reviewed by Sam Hartman
for the IESG.

Note to RFC Editor
In draft-ietf-sasl-rfc2222bis:

In section 6.1.1, replace:
    Implementations should close the connection
with:
    Implementations SHOULD close the connection

In section 6.1.2, pp 2, replace:
    implementations should not advertise mechanisms and/or
    features which cannot meet their minimum security
    requirements, should not enter into or continue
    authentication exchanges which cannot meet their
    minimum security requirements, and should verify
with:
    implementations SHOULD NOT advertise mechanisms and/or
    features which cannot meet their minimum security
    requirements, SHOULD NOT enter into or continue
    authentication exchanges which cannot meet their
    minimum security requirements, and SHOULD verify

In Section 6.1.2, pp 3, replace:
    the client may discover the SASL mechanisms
with:
    the client can discover the SASL mechanisms
and replace:
    the client should close
with:
    the client SHOULD close

In Section 6.1.5, replace:
    receiver should handle
with:
    receiver SHOULD handle
and replace:
    it must not blindly allocate
with:
    it MUST NOT blindly allocate
and replace:
    it should close the connection
with:
    it SHOULD close the connection

In section 6.3, replace:
    Applications that wish
with:
    Implementations that wish
and replace:
    should reauthenitcate
with:
    SHOULD reauthenticate using