SMTP Service Extension for Authentication
RFC 4954

Type: RFC - Proposed Standard (July 2007; Errata)
Updated by: RFC 5248
Obsoletes: RFC 2554
Updates: RFC 3463
Was: draft-siemborski-rfc2554bis (individual in gen area)
Last updated: 2013-03-02
Stream: IETF
WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 4954 (Proposed Standard)
Responsible AD: Lisa Dusseault
Send notices to: alexey.melnikov@isode.com, robsiemb@google.com

Network Working Group                                 R. Siemborski, Ed.
Request for Comments: 4954                                  Google, Inc.
Obsoletes: 2554                                         A. Melnikov, Ed.
Updates: 3463                                              Isode Limited
Category: Standards Track                                      July 2007

               SMTP Service Extension for Authentication

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document defines a Simple Mail Transport Protocol (SMTP)
   extension whereby an SMTP client may indicate an authentication
   mechanism to the server, perform an authentication protocol exchange,
   and optionally negotiate a security layer for subsequent protocol
   interactions during this session.  This extension includes a profile
   of the Simple Authentication and Security Layer (SASL) for SMTP.

   This document obsoletes RFC 2554.

Siemborski & Melnikov       Standards Track                     [Page 1]
RFC 4954       SMTP Service Extension for Authentication       July 2007

Table of Contents

   1. Introduction ....................................................2
   2. How to Read This Document .......................................2
   3. The Authentication Service Extension ............................3
   4. The AUTH Command ................................................3
      4.1. Examples ...................................................7
   5. The AUTH Parameter to the MAIL FROM command .....................9
      5.1. Examples ..................................................10
   6. Status Codes ...................................................11
   7. Additional requirements on servers .............................12
   8. Formal Syntax ..................................................13
   9. Security Considerations ........................................14
   10. IANA Considerations ...........................................15
   11. Normative References ..........................................15
   12. Informative References ........................................16
   13. Acknowledgments ...............................................17
   14. Additional Requirements When Using SASL PLAIN over TLS ........17
   15. Changes since RFC 2554 ........................................18

1.  Introduction

   This document defines a Simple Mail Transport Protocol (SMTP)
   extension whereby an SMTP client may indicate an authentication
   mechanism to the server, perform an authentication protocol exchange,
   optionally negotiate a security layer for subsequent protocol
   interactions during this session and, during a mail transaction,
   optionally specify a mailbox associated with the identity that
   submitted the message to the mail delivery system.

   This extension includes a profile of the Simple Authentication and
   Security Layer (SASL) for SMTP.

   When compared to RFC 2554, this document deprecates use of the 538
   response code, adds a new Enhanced Status Code, adds a requirement to
   support SASLprep profile for preparing authorization identities,
   recommends use of RFC 3848 transmission types in the Received trace
   header field, and clarifies interaction with SMTP PIPELINING
   [PIPELINING] extension.

2.  How to Read This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [KEYWORDS].

   In examples, "C:" and "S:" indicate lines sent by the client and
   server, respectively.

3.  The Authentication Service Extension

   1.  The name of this [SMTP] service extension is "Authentication".

   2.  The EHLO keyword value associated with this extension is "AUTH".

   3.  The AUTH EHLO keyword contains as a parameter a space-separated
       list of the names of available [SASL] mechanisms.  The list of
       available mechanisms MAY change after a successful STARTTLS
       command [SMTP-TLS].
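
   Added example, not part of RFC 4954: parsing the AUTH EHLO keyword
   described in item 3 and comparing the mechanism list advertised before
   and after STARTTLS. The replies, the host name smtp.example.com, and
   the function names are constructed for illustration; the mechanism-name
   syntax check follows RFC 4422.

```python
import re

# SASL mechanism name syntax per RFC 4422: 1-20 chars of A-Z, 0-9, "-", "_".
MECH_NAME = re.compile(r"[A-Z0-9_-]{1,20}")

# Constructed EHLO replies (not captured traffic); the host is a placeholder.
EHLO_BEFORE_TLS = (
    "250-smtp.example.com\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH GSSAPI DIGEST-MD5\r\n"
)
EHLO_AFTER_TLS = (
    "250-smtp.example.com\r\n"
    "250 AUTH GSSAPI DIGEST-MD5 PLAIN\r\n"
)


def parse_ehlo_auth(reply):
    """Return the SASL mechanism names listed by the AUTH EHLO keyword."""
    mechs = []
    for line in reply.splitlines():
        # Reply lines start "250-" (more lines follow) or "250 " (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue
        words = line[4:].split()
        if not words or words[0].upper() != "AUTH":
            continue
        # The parameter is a space-separated list of mechanism names.
        for name in (w.upper() for w in words[1:]):
            if MECH_NAME.fullmatch(name) and name not in mechs:
                mechs.append(name)
    return mechs


def mechanism_changes(before_tls, after_tls):
    """Compare the lists from the EHLO sent before and after STARTTLS."""
    pre, post = parse_ehlo_auth(before_tls), parse_ehlo_auth(after_tls)
    return {
        "added": [m for m in post if m not in pre],
        "removed": [m for m in pre if m not in post],
        # Choose a mechanism only from the list received after STARTTLS.
        "usable": post,
    }


if __name__ == "__main__":
    print(mechanism_changes(EHLO_BEFORE_TLS, EHLO_AFTER_TLS))
```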