Simple Authentication and Security Layer (SASL) Mechanisms
- Last Updated
- 2024-12-06
- Note
-
The Simple Authentication and Security Layer (SASL) [RFC4422] is a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required argument identifying a SASL mechanism. SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores. SASL mechanism names must be registered with the IANA. Procedures for registering new SASL mechanisms are described in [RFC4422]. SASL mechanism names starting with "GS2-" are reserved for SASL mechanisms which conform to [RFC5801]. Registration procedures for SASL mechanism names starting with "SCRAM-" are defined in [RFC7677]. - Available Formats
-
XML
HTML
Plain text
Registries Included Below
SASL Mechanisms
- Registration Procedure(s)
-
First Come First Served for mechanisms. Expert Review with mailing list for family name registrations. For names beginning with "GS2-", see RFC 5801. For names beginning with "SCRAM-", see RFC7677.
- Expert(s)
-
Simon Josefsson
- Reference
- [RFC4422]
- Note
-
SASL mechanisms are named by character strings from 1 to 20 characters in length, consisting of ASCII uppercase letters, digits, hyphens, and/or underscores.
- Available Formats
-
CSV
| Mechanism | Usage | Reference | Owner |
|---|---|---|---|
| 9798-M-DSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
| 9798-M-ECDSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
| 9798-M-RSA-SHA1-ENC | COMMON | [RFC3163] | [Robert_Zuccherato] |
| 9798-U-DSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
| 9798-U-ECDSA-SHA1 | COMMON | [RFC3163] | [Robert_Zuccherato] |
| 9798-U-RSA-SHA1-ENC | COMMON | [RFC3163] | [Robert_Zuccherato] |
| ANONYMOUS | COMMON | [RFC4505] | [IESG] |
| CRAM-MD5 | LIMITED | [RFC2195] | [IESG] |
| DIGEST-MD5 | OBSOLETE | [RFC6331] | [IESG] |
| EAP-AES128 | COMMON | [RFC7055] | [IESG] |
| EAP-AES128-PLUS | COMMON | [RFC7055] | [IESG] |
| ECDH-X25519-CHALLENGE[1] | LIMITED USE | [http://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c] | [Simon_Ser] |
| ECDSA-NIST256P-CHALLENGE[1] | LIMITED USE | [http://github.com/kaniini/ecdsatool#mechanism-spec] | [Simon_Ser] |
| EXTERNAL | COMMON | [RFC4422] | [IESG] |
| GS2-* | COMMON | [RFC5801] | [IESG] |
| GS2-KRB5 | COMMON | [RFC5801] | [IESG] |
| GS2-KRB5-PLUS | COMMON | [RFC5801] | [IESG] |
| GSS-SPNEGO | LIMITED | [Paul_Leach] | [Paul_Leach] |
| GSSAPI | COMMON | [RFC4752] | [IESG] |
| KERBEROS_V4 | OBSOLETE | [RFC2222] | [IESG] |
| KERBEROS_V5 | COMMON | [Simon_Josefsson] | [Simon_Josefsson] |
| LOGIN | OBSOLETE | [draft-murchison-sasl-login-00] | [Kenneth_Murchison][Mark_R._Crispin] |
| NMAS_AUTHEN | LIMITED | [Mark_G._Gayman] | [Mark_G._Gayman] |
| NMAS_LOGIN | LIMITED | [Mark_G._Gayman] | [Mark_G._Gayman] |
| NMAS-SAMBA-AUTH | LIMITED | [Vince_Brimhall] | [Vince_Brimhall] |
| NTLM | LIMITED | [Paul_Leach] | [Paul_Leach] |
| OAUTH10A | COMMON | [RFC7628] | [IESG] |
| OAUTHBEARER | COMMON | [RFC7628] | [IESG] |
| OPENID20 | COMMON | [RFC6616] | [IESG] |
| OTP | COMMON | [RFC2444] | [IESG] |
| PLAIN | COMMON | [RFC4616] | [IESG] |
| SAML20 | COMMON | [RFC6595] | [IESG] |
| SCRAM-* | COMMON | [RFC7677] | [IESG] |
| SECURID | COMMON | [RFC2808] | [Magnus_Nystrom] |
| SKEY | OBSOLETE | [RFC2444] | [IESG] |
| SPNEGO | MUST NOT be used | [RFC5801] | [IESG] |
| SPNEGO-PLUS | MUST NOT be used | [RFC5801] | [IESG] |
| SXOVER-PLUS | COMMON | [draft-vanrein-diameter-sasl-06] | [Rick_van_Rein] |
| XOAUTH | OBSOLETE | [N/A] | [IESG] |
| XOAUTH2 | OBSOLETE | [N/A] | [IESG] |
SASL SCRAM Family Mechanisms
- Registration Procedure(s)
-
IETF Review with mailing list
- Reference
- [RFC7677]
- Available Formats
-
CSV
| Mechanism | Usage | Reference | Minimum iteration-count | Associated OID | Owner |
|---|---|---|---|---|---|
| SCRAM-SHA-1 | COMMON | [RFC5802][RFC7677] | 4096 | 1.3.6.1.5.5.14 | [IESG] |
| SCRAM-SHA-1-PLUS | COMMON | [RFC5802][RFC7677] | 4096 | 1.3.6.1.5.5.14 | [IESG] |
| SCRAM-SHA-256 | COMMON | [RFC7677] | 4096 | 1.3.6.1.5.5.18 | [IESG] |
| SCRAM-SHA-256-PLUS | COMMON | [RFC7677] | 4096 | 1.3.6.1.5.5.18 | [IESG] |
Contact Information
| ID | Name | Contact URI | Last Updated |
|---|---|---|---|
| [IESG] | IESG | mailto:iesg&ietf.org | |
| [Kenneth_Murchison] | Kenneth Murchison | mailto:ken&oceana.com | 2014-11-10 |
| [Magnus_Nystrom] | Magnus Nystrom | mailto:magnus&rsasecurity.com | |
| [Mark_G._Gayman] | Mark G. Gayman | mailto:mgayman&novell.com | 2000-09 |
| [Mark_R._Crispin] | Mark R. Crispin | mailto:MRC&CAC.Washington.EDU | 2014-11-10 |
| [Paul_Leach] | Paul Leach | mailto:paulleµsoft.com | 2000-06 |
| [Rick_van_Rein] | Rick van Rein | mailto:rick&openfortress.nl | 2022-03-16 |
| [Robert_Zuccherato] | Robert Zuccherato | mailto:robert.zuccherato&entrust.com | |
| [Simon_Josefsson] | Simon Josefsson | mailto:simon&josefsson.org | 2004-01 |
| [Simon_Ser] | Simon Ser | mailto:contact&emersion.fr | 2021-07-21 |
| [Vince_Brimhall] | Vince Brimhall | mailto:vbrimhall&novell.com | 2004-04 |
Footnote
| [1] |
Note that this name does not conform to the length restriction in [RFC4422]. |