Simple Authentication and Security Layer (SASL) Mechanisms
- Last Updated
- 2024-12-06
- Note
-
The Simple Authentication and Security Layer (SASL) [RFC4422] is a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required argument identifying a SASL mechanism. SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores. SASL mechanism names must be registered with the IANA. Procedures for registering new SASL mechanisms are described in [RFC4422]. SASL mechanism names starting with "GS2-" are reserved for SASL mechanisms which conform to [RFC5801]. Registration procedures for SASL mechanism names starting with "SCRAM-" are defined in [RFC7677].
- Available Formats
-
XML
HTML
Plain text
Registries included below
SASL Mechanisms
- Registration Procedure(s)
-
First Come First Served for mechanisms. Expert Review with mailing list for family name registrations. For names beginning with "GS2-", see RFC 5801. For names beginning with "SCRAM-", see RFC7677.
- Expert(s)
-
Simon Josefsson
- Reference
- [RFC4422]
- Note
-
SASL mechanisms are named by character strings from 1 to 20 characters in length, consisting of ASCII uppercase letters, digits, hyphens, and/or underscores.
- Available Formats
-
CSV
Mechanism | Usage | Reference | Owner |
---|---|---|---|
9798-M-DSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
9798-M-ECDSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
9798-M-RSA-SHA1-ENC | COMMON | [RFC3163] | [Robert_Zuccherato] |
9798-U-DSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
9798-U-ECDSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
9798-U-RSA-SHA1-ENC | COMMON | [RFC3163] | [Robert_Zuccherato] |
ANONYMOUS | COMMON | [RFC4505] | [IESG] |
CRAM-MD5 | LIMITED | [RFC2195] | [IESG] |
DIGEST-MD5 | OBSOLETE | [RFC6331] | [IESG] |
EAP-AES128 | COMMON | [RFC7055] | [IESG] |
EAP-AES128-PLUS | COMMON | [RFC7055] | [IESG] |
ECDH-X25519-CHALLENGE[1] | LIMITED USE | [https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c] | [Simon_Ser] |
ECDSA-NIST256P-CHALLENGE[1] | LIMITED USE | [https://github.com/kaniini/ecdsatool#mechanism-spec] | [Simon_Ser] |
EXTERNAL | COMMON | [RFC4422] | [IESG] |
GS2-* | COMMON | [RFC5801] | [IESG] |
GS2-KRB5 | COMMON | [RFC5801] | [IESG] |
GS2-KRB5-PLUS | COMMON | [RFC5801] | [IESG] |
GSS-SPNEGO | LIMITED | [Paul_Leach] | [Paul_Leach] |
GSSAPI | COMMON | [RFC4752] | [IESG] |
KERBEROS_V4 | OBSOLETE | [RFC2222] | [IESG] |
KERBEROS_V5 | COMMON | [Simon_Josefsson] | [Simon_Josefsson] |
LOGIN | OBSOLETE | [draft-murchison-sasl-login-00] | [Kenneth_Murchison][Mark_R._Crispin] |
NMAS_AUTHEN | LIMITED | [Mark_G._Gayman] | [Mark_G._Gayman] |
NMAS_LOGIN | LIMITED | [Mark_G._Gayman] | [Mark_G._Gayman] |
NMAS-SAMBA-AUTH | LIMITED | [Vince_Brimhall] | [Vince_Brimhall] |
NTLM | LIMITED | [Paul_Leach] | [Paul_Leach] |
OAUTH10A | COMMON | [RFC7628] | [IESG] |
OAUTHBEARER | COMMON | [RFC7628] | [IESG] |
OPENID20 | COMMON | [RFC6616] | [IESG] |
OTP | COMMON | [RFC2444] | [IESG] |
PLAIN | COMMON | [RFC4616] | [IESG] |
SAML20 | COMMON | [RFC6595] | [IESG] |
SCRAM-* | COMMON | [RFC7677] | [IESG] |
SECURID | COMMON | [RFC2808] | [Magnus_Nystrom] |
SKEY | OBSOLETE | [RFC2444] | [IESG] |
SPNEGO | MUST NOT be used | [RFC5801] | [IESG] |
SPNEGO-PLUS | MUST NOT be used | [RFC5801] | [IESG] |
SXOVER-PLUS | COMMON | [draft-vanrein-diameter-sasl-06] | [Rick_van_Rein] |
XOAUTH | OBSOLETE | [N/A] | [IESG] |
XOAUTH2 | OBSOLETE | [N/A] | [IESG] |
SASL SCRAM Family Mechanisms
- Registration Procedure(s)
-
IETF Review with mailing list
- Reference
- [RFC7677]
- Available Formats
-
CSV
Mechanism | Usage | Reference | Minimum iteration-count | Associated OID | Owner |
---|---|---|---|---|---|
SCRAM-SHA-1 | COMMON | [RFC5802][RFC7677] | 4096 | 1.3.6.1.5.5.14 | [IESG] |
SCRAM-SHA-1-PLUS | COMMON | [RFC5802][RFC7677] | 4096 | 1.3.6.1.5.5.14 | [IESG] |
SCRAM-SHA-256 | COMMON | [RFC7677] | 4096 | 1.3.6.1.5.5.18 | [IESG] |
SCRAM-SHA-256-PLUS | COMMON | [RFC7677] | 4096 | 1.3.6.1.5.5.18 | [IESG] |
Contact Information
ID | Name | Contact URI | Last Updated |
---|---|---|---|
[IESG] | IESG | mailto:iesg&ietf.org | |
[Kenneth_Murchison] | Kenneth Murchison | mailto:ken&oceana.com | 2014-11-10 |
[Magnus_Nystrom] | Magnus Nystrom | mailto:magnus&rsasecurity.com | |
[Mark_G._Gayman] | Mark G. Gayman | mailto:mgayman&novell.com | 2000-09 |
[Mark_R._Crispin] | Mark R. Crispin | mailto:MRC&CAC.Washington.EDU | 2014-11-10 |
[Paul_Leach] | Paul Leach | mailto:paulleµsoft.com | 2000-06 |
[Rick_van_Rein] | Rick van Rein | mailto:rick&openfortress.nl | 2022-03-16 |
[Robert_Zuccherato] | Robert Zuccherato | mailto:robert.zuccherato&entrust.com | |
[Simon_Josefsson] | Simon Josefsson | mailto:simon&josefsson.org | 2004-01 |
[Simon_Ser] | Simon Ser | mailto:contact&emersion.fr | 2021-07-21 |
[Vince_Brimhall] | Vince Brimhall | mailto:vbrimhall&novell.com | 2004-04 |
Footnote
[1] |
Note that this name does not conform to the length restriction in [RFC4422]. |