SASL related documents

SASL mechanisms

SASL mechanism name Description Document Reference Authors

ANONYMOUS Anonymous SASL Mechanism RFC 2245 Chris Newman <chris.newman@innosoft.com>

PLAIN Plain login mechanism (single step) RFC 2595 Chris Newman <chris.newman@innosoft.com>

LOGIN Plain login mechanism (two step) No specification exists Mark Crispin <MRC@CAC.Washington.EDU>

CRAM-MD5 Challenge-Response Authentication Mechanism RFC 2195 John C. Klensin <klensin@mci.net>,
Randy Catoe <randy@mci.net>,
Paul Krumviede <paul@mci.net>

Revision of CRAM-MD5 draft-nerenberg-sasl-crammd5-01.txt Editor - Lyndon Nerenberg <lyndon@atg.aciworldwide.com>

OTP The One-Time-Password SASL Mechanism RFC 2444 Chris Newman <chris.newman@innosoft.com>

PASSDSS-3DES-1 DSS Secured Password Authentication Mechanism draft-newman-sasl-passdss-01.txt Chris Newman <chris.newman@innosoft.com>

SCRAM-MD5 Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-03.txt Chris Newman <chris.newman@innosoft.com>

DIGEST-MD5 Digest Authentication as a SASL Mechanism RFC 2831 Paul Leach <paulle@microsoft.com>,
Chris Newman <chris.newman@innosoft.com>

AES cipher for DIGEST-MD5 draft-melnikov-sasl-digest-aes-00.txt Alexey Melnikov <mel@messagingdirect.com>

GSSAPI
GSS-SPNEGO
SASL GSSAPI mechanisms:
GSSAPI is for Kerberos V5 GSSAPI
GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5
draft-ietf-cat-sasl-gssapi-05.txt
Updates GSSAPI definition in RFC 2222
John G. Myers <jgmyers@netscape.com>

KERBEROS_V4 Kerberos V4 RFC 2222 John G. Myers <jgmyers@netscape.com>

SKEY S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm.
Obsoleted by OTP
RFC 2222 John G. Myers <jgmyers@netscape.com>

EXTERNAL Mechanism that verifies (PPP, IPSec, SSL/TLS, …) RFC 2222
Revision in draft-myers-saslrev-01.txt
John G. Myers <jgmyers@netscape.com>

X509-C-<algorithm>
X509-S-<algorithm>
X509-B-<algorithm>
X.509 Authentication SASL Mechanisms:

"X509-C-<algorithm>" for client authentication only

"X509-S-<algorithm>" for server authentication only

"X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication.

draft-ietf-ldapext-x509-sasl-03.txt Steve Kille <Steve.Kille@messagingdirect.com>

ROAMING-ELGAMAL ROAMING-ELGAMAL SASL Authentication Mechanism draft-overell-roaming-elgamal-sasl-00.txt P. Overell <paulo@turnpike.com>

SECURID The SecurID(r) SASL Mechanism RFC 2808 Magnus Nystrom <magnus@rsa.com>,
John Brainard <jbrainard@rsa.com>

SRP
Secure Remote Password SASL Mechanism
draft-burdis-cat-srp-sasl-06.txt K.R. Burdis <cskb@cs.ru.ac.za>,
R. Naffah <raif@forge.com.au>

9798-U-<algorithm>
9798-M-<algorithm>

ISO/IEC 9798-3 Authentication SASL Mechanism. Mechanisms:

"9798-U-<algorithm>" for unilateral client authentication.

"9798-M-<algorithm>" for mutual authentication.

Currently defined <algorithm>s:

RSA-SHA1-ENC

DSA-SHA1

ECDSA-SHA1

RFC 3163 Robert Zuccherato <robert.zuccherato@entrust.com>
Magnus Nystrom <magnus@rsasecurity.com>

SM2-<SASL-mechanism-name> SM2 -- A Session Management Capable SASL Mechanism draft-naffah-cat-sasl-sm2-01.txt David Taylor <dtaylor@forge.com.au>
Raif S. Naffah <raif@forge.com.au>

NTLM Proprietary Microsoft authentication mechanism Registered by Paul Leach <paulle@microsoft.com>

NMAS_LOGIN, NMAS_AUTHEN ? Registered by Mark G. Gayman <mgayman@novell.com>

SASL profiles

Protocols	Document Reference	Authors
SMTP	RFC 2554	John G. Myers <jgmyers@netscape.com>
POP3	RFC 1734	John G. Myers <jgmyers@netscape.com>
IMAP4	RFC 2060 (see AUTHENTICATE command)	M. Crispin <MRC@CAC.Washington.EDU>
ACAP	RFC 2244	Chris Newman <chris.newman@innosoft.com>, John G. Myers <jgmyers@netscape.com>
BEEP	RFC 3080	Marshall T. Rose <mrose@invisible.net>
LDAP	LDAPv3 (RFC 2251)	Mark Wahl <M.Wahl@critical-angle.com>, Tim Howes <howes@netscape.com>, Steve Kille <Steve.Kille@messagingdirect.com>
LDAP	Authentication Methods for LDAP (RFC 2829)	M. Wahl <M.Wahl@innosoft.com> H. Alvestrand <Harald@Alvestrand.no> J. Hodges <JHodges@oblix.com> R. Morgan <rlmorgan@washington.edu>
NNTP	Draft expired	Chris Newman <chris.newman@innosoft.com>
Telnet	Draft expired	Chris Newman <chris.newman@innosoft.com>
HTTP	draft-nystrom-http-sasl-02.txt	Magnus Nystrom <magnus@rsasecurity.com> Alexey Melnikov <mel@messagingdirect.com> Robert Zuccherato <robert.zuccherato@entrust.com>
HTTP (alternative proposal)	draft-burdis-http-sasl-00.html	K.R. Burdis <keith@rucus.ru.ac.za>

SASL APIs

Language	Document Reference	Authors
Java	draft-weltman-java-sasl-04.txt	Rob Weltman <rweltman@netscape.com> Rosanna Lee <rosanna.lee@eng.sun.com>

Please, don't send general questions like "What is SASL?" to authors of SASL mechanism documents.
They are busy people.

I want to see IETF standard related pages

If you want to add/update information, send me email

List composed by Alexey Melnikov. Feel free to send me comments, corrections and additions to this list.
Information published on this page is for developers use only. It is prohibited to use this information for commercial purposes.

Last updated 29 April 2002

Thank you to Claus Assmann <ca at sendmail.org> for hosting my technical pages

SASL mechanism name	Description	Document Reference	Authors

*ANONYMOUS*	Anonymous SASL Mechanism	RFC 2245	Chris Newman <chris.newman@innosoft.com>
*PLAIN*	Plain login mechanism (single step)	RFC 2595	Chris Newman <chris.newman@innosoft.com>
*LOGIN*	Plain login mechanism (two step)	No specification exists	Mark Crispin <MRC@CAC.Washington.EDU>

*CRAM-MD5*	Challenge-Response Authentication Mechanism	RFC 2195	John C. Klensin <klensin@mci.net>, Randy Catoe <randy@mci.net>, Paul Krumviede <paul@mci.net>
		Revision of CRAM-MD5 draft-nerenberg-sasl-crammd5-01.txt	Editor - Lyndon Nerenberg <lyndon@atg.aciworldwide.com>
*OTP*	The One-Time-Password SASL Mechanism	RFC 2444	Chris Newman <chris.newman@innosoft.com>
*PASSDSS-3DES-1*	DSS Secured Password Authentication Mechanism	draft-newman-sasl-passdss-01.txt	Chris Newman <chris.newman@innosoft.com>
*SCRAM-MD5*	Salted Challenge Response Authentication Mechanism (SCRAM)	draft-newman-auth-scram-03.txt	Chris Newman <chris.newman@innosoft.com>
*DIGEST-MD5*	Digest Authentication as a SASL Mechanism	RFC 2831	Paul Leach <paulle@microsoft.com>, Chris Newman <chris.newman@innosoft.com>
		AES cipher for DIGEST-MD5 draft-melnikov-sasl-digest-aes-00.txt	Alexey Melnikov <mel@messagingdirect.com>
*GSSAPI* *GSS-SPNEGO*	SASL GSSAPI mechanisms: GSSAPI is for Kerberos V5 GSSAPI GSS-algorithm is for GSSAPI algorithm, other than Kerberos V5	draft-ietf-cat-sasl-gssapi-05.txt Updates GSSAPI definition in RFC 2222	John G. Myers <jgmyers@netscape.com>
*KERBEROS_V4*	Kerberos V4	RFC 2222	John G. Myers <jgmyers@netscape.com>
*SKEY*	S/KEY (defined in RFC 1760) One-Time-Password SASL that uses MD4 digest algorithm. Obsoleted by *OTP*	RFC 2222	John G. Myers <jgmyers@netscape.com>
*EXTERNAL*	Mechanism that verifies (PPP, IPSec, SSL/TLS, …)	RFC 2222 Revision in draft-myers-saslrev-01.txt	John G. Myers <jgmyers@netscape.com>
*X509-C-<algorithm>* *X509-S-<algorithm>* *X509-B-<algorithm>*	X.509 Authentication SASL Mechanisms: "X509-C-<algorithm>" for client authentication only "X509-S-<algorithm>" for server authentication only "X509-B-<algorithm>" for client and server authentication. In this case client authentication is done prior to server authentication.	draft-ietf-ldapext-x509-sasl-03.txt	Steve Kille <Steve.Kille@messagingdirect.com>
*ROAMING-ELGAMAL*	ROAMING-ELGAMAL SASL Authentication Mechanism	draft-overell-roaming-elgamal-sasl-00.txt	P. Overell <paulo@turnpike.com>
*SECURID*	The SecurID(r) SASL Mechanism	RFC 2808	Magnus Nystrom <magnus@rsa.com>, John Brainard <jbrainard@rsa.com>
*SRP*	Secure Remote Password SASL Mechanism	draft-burdis-cat-srp-sasl-06.txt	K.R. Burdis <cskb@cs.ru.ac.za>, R. Naffah <raif@forge.com.au>
*9798-U-<algorithm>* *9798-M-<algorithm>*	ISO/IEC 9798-3 Authentication SASL Mechanism. Mechanisms: "9798-U-<algorithm>" for unilateral client authentication. "9798-M-<algorithm>" for mutual authentication. Currently defined <algorithm>s: RSA-SHA1-ENC DSA-SHA1 ECDSA-SHA1	RFC 3163	Robert Zuccherato <robert.zuccherato@entrust.com> Magnus Nystrom <magnus@rsasecurity.com>
SM2-<SASL-mechanism-name>	SM2 -- A Session Management Capable SASL Mechanism	draft-naffah-cat-sasl-sm2-01.txt	David Taylor <dtaylor@forge.com.au> Raif S. Naffah <raif@forge.com.au>
NTLM	Proprietary Microsoft authentication mechanism		Registered by Paul Leach <paulle@microsoft.com>
NMAS_LOGIN, NMAS_AUTHEN	?		Registered by Mark G. Gayman <mgayman@novell.com>