Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
RFC 5802

Received changes through RFC Editor sync (changed abstract to 'The secure authentication mechanism most widely deployed and used by Internet application protocols is the transmission of clear-text passwords over a channel protected by Transport Layer Security (TLS). There are some significant security concerns with that mechanism, which could be addressed by the use of a challenge response authentication mechanism protected by TLS. Unfortunately, the challenge response mechanisms presently on the standards track all fail to meet requirements necessary for widespread deployment, and have had success only in limited use.

This specification describes a family of Simple Authentication and Security Layer (SASL; RFC 4422) authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM), which addresses the security concerns and meets the deployability requirements. When used in combination with TLS or an equivalent security layer, a mechanism from this family could improve the status quo for application protocol authentication and provide a suitable choice for a mandatory-to-implement mechanism for future application protocol standards. [STANDARDS-TRACK]')

[Ballot comment]
Trivial editorial nit...

Section 3, 4th para:

  Informative Note: Implementors are encouraged to create test cases
  that use both username passwords with non-ASCII codepoints.

change to "username and passwords"

IANA comments:

Action 1:

Upon approval of this document, IANA will make the following
assignments in the "SIMPLE AUTHENTICATION AND SECURITY LAYER
(SASL) MECHANISMS" registry at
http://www.iana.org/assignments/sasl-mechanisms

Note: SCRAM-* mechanisms allocated via IETF Review

MECHANISMS USAGE REFERENCE OWNER
---------- ----- --------- -----
SCRAM-* COMMON [RFC-sasl-scram-07] IETF SASL WG
SCRAM-SHA-1 COMMON [RFC-sasl-scram-07] IETF SASL WG
SCRAM-SHA-1-PLUS COMMON [RFC-sasl-scram-07] IETF SASL WG


Action 2:

Upon approval of this document, IANA will make the following
assignment in "iso.org.dod.internet.security.mechanisms (1.3.6.1.5.5)" at
http://www.iana.org/assignments/smi-numbers

Decimal Name Description References
------- ---- ------------------------------------ ----------
TBD scram Salted Challenge Response [RFC-sasl-scram-07]


We understand the above to be the only IANA Actions for this document.

(1.a)  Who is the Document Shepherd for this document?  Has the
        Document Shepherd personally reviewed this version of the
        document and, in particular, does he or she believe this
        version is ready for forwarding to the IESG for publication?

Simon Josefsson  is the document shepherd for
this document.  The document is ready for publication.

(1.b)  Has the document had adequate review both from key WG members
        and from key non-WG members?  Does the Document Shepherd have
        any concerns about the depth or breadth of the reviews that
        have been performed?

This document was reviewed by several active and experienced SASL WG
members.
So there are no concerns about the depth of the reviews.

(1.c)  Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective,
        e.g., security, operational complexity, someone familiar with
        AAA, internationalization or XML?

No concerns.

(1.d)  Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of?  For example, perhaps he
        or she is uncomfortable with certain parts of the  document, or
        has concerns whether there really is a need for it.  In any
        event, if the WG has discussed those issues and has indicated
        that it still wishes to advance the document, detail those
        concerns here.  Has an IPR disclosure related to this  document
        been filed?  If so, please include a reference to the
        disclosure and summarize the WG discussion and conclusion on
        this issue.

No specific concerns.  No IPR disclosure was filed for this document.

(1.e)  How solid is the WG consensus behind this document?  Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it?

There is solid WG consensus behind the document.

(1.f)  Has anyone threatened an appeal or otherwise indicated  extreme
        discontent?  If so, please summarise the areas of conflict in
        separate email messages to the Responsible Area Director.  (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)
No.

(1.g)  Has the Document Shepherd personally verified that the
        document satisfies all ID nits?  (See
        http://www.ietf.org/ID-Checklist.html and
        http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
        not enough; this check needs to be thorough.  Has the  document
        met all formal review criteria it needs to, such as the MIB
        Doctor, media type and URI type reviews?

idnits 2.11.12 was used to verify the document.  It reports some
missing references, but all appears to be errors in the tool.

(1.h)  Has the document split its references into normative and
        informative?  Are there normative references to documents  that
        are not ready for advancement or are otherwise in an unclear
        state?  If such normative references exist, what is the
        strategy for their completion?  Are there normative  references
        that are downward references, as described in [RFC3967]?  If
        so, list these downward references to support the Area
        Director in the Last Call procedure for them [RFC3967].

The references are split between normative and informative, but also
separates the normative references for GSS-API implementers with the
intention that non-GSS-API implementers do not have to read the
GSS-API normative references.

There is one downward normative reference to an IANA registration:

  [tls-unique]
              Zhu, L., "Registration of TLS unique channel binding
              (generic)", IANA http://www.iana.org/assignments/
              channel-binding-types/tls-unique, July 2008.

The IANA page contains information that needs to be read by
implementers.  The same information is available in
draft-altman-tls-channel-bindings-05 and the WG considered waiting for
that document to be published, but preferred to downref the IANA page
instead and added an informative reference to the I-D.  This downref
needs to be mentioned in the IETF last call.

(1.i)  Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body
        of the document?  If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries?  Are the IANA registries clearly identified?  If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations?  Does it suggest a
        reasonable name for the new registry?  See [RFC2434].  If the
        document describes an Expert Review process has Shepherd
        conferred with the Responsible Area Director so that the IESG
        can appoint the needed Expert during the IESG Evaluation?

IANA considerations section exists.  The document defines and
registers a SASL mechanism family.

(1.j)  Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML
        code, BNF rules, MIB definitions, etc., validate correctly in
        an automated checker?

The document contains ABNF rules which passes Bill Fenner's ABNF
Parser.  (The tool complains about a missing OCTET symbol, but that is
defined by RFC 5234 so it appears to be a tool limitiation.)

(1.k)  The IESG approval announcement includes a Document
        Announcement Write-Up.  Please provide such a Document
        Announcement Write-Up?  Recent examples can be found in the
        "Action" announcements for approved documents.  The approval
        announcement contains the following sections:

        Technical Summary
          Relevant content can frequently be found in the abstract
          and/or introduction of the document.  If not, this may be
          an indication that there are deficiencies in the abstract
          or introduction.

  The secure authentication mechanism most widely deployed and used by
  Internet application protocols is the transmission of clear-text
  passwords over a channel protected by Transport Layer Security (TLS).
  There are some significant security concerns with that mechanism,
  which could be addressed by the use of a challenge response
  authentication mechanism protected by TLS.  Unfortunately, the
  challenge response mechanisms presently on the standards track all
  fail to meet requirements necessary for widespread deployment, and
  have had success only in limited use.

  This specification describes a family of Simple Authentication and
  Security Layer (SASL, RFC 4422) authentication mechanisms called the
  Salted Challenge Response Authentication Mechanism (SCRAM), which
  addresses the security concerns and meets the deployability
  requirements.  When used in combination with TLS or an equivalent
  security layer, a mechanism from this family could improve the
  status-quo for application protocol authentication and provide a
  suitable choice for a mandatory-to-implement mechanism for future
  application protocol standards.

        Working Group Summary
          Was there anything in WG process that is worth noting?  For
          example, was there controversy about particular points or
          were there decisions where the consensus was particularly
          rough?

There were significant and long discussions over several design
choices, worth mentioning are:

1) Hash function.  The decision was to define a SASL mechanism family
to allow for future extension, but not register it as a family in the
IANA registry.  The decision is to use HMAC-SHA-1 as the initial
default, and to register SCRAM-SHA-1* the mechanism name.  The
alternatives considered were HMAC-MD5 and HMAC-SHA-2.  HMAC-SHA-1 was
the compromise proposal.  I believe that today this approach has
strong support in the WG.

2) Channel binding type negotiation.  After long considerations, it
was decided to leave channel binding type negotiation external to
SCRAM and to provide a default of tls-unique.  This simplify the
design and makes it easy to implement in popular configurations (i.e.,
together with TLS).  I believe that today this approach has strong
support in the WG.

3) IANA policy.  Two aspects have been considered.  First, whether to
actually register a SASL mechanism family or just define a family and
register the two family members as separate mechanism names.  The
conclusion has been to register a family.  Secondly, the registration
policy has been discussed.  My impression is that nobody feels
strongly about the issue but there are minor concerns that is now
hopefully sufficiently well addressed.

        Document Quality
          Are there existing implementations of the protocol?  Have a
          significant number of vendors indicated their plan to
          implement the specification?  Are there any reviewers that
          merit special mention as having done a thorough review,
          e.g., one that resulted in important changes or a
          conclusion that the document had no substantive  issues?  If
          there was a MIB Doctor, Media Type or other expert review,
          what was its course (briefly)?  In the case of a Media  Type
          review, on what date was the request posted?

There are several early experimental implementations and more
implementers are interested.

        Personnel
          Who is the Document Shepherd for this document?  Who is  the
          Responsible Area Director?

Simon Josefsson  is the document shepherd for
this document.