
DOI: https://doi.org/10.17487/RFC5802
The secure authentication mechanism most widely deployed and used by Internet application protocols is the transmission of clear-text passwords over a channel protected by Transport Layer Security (TLS). There are some significant security concerns with that mechanism, which could be addressed by the use of a challenge response authentication mechanism protected by TLS. Unfortunately, the challenge response mechanisms presently on the standards track all fail to meet requirements necessary for widespread deployment, and have had success only in limited use.
This specification describes a family of Simple Authentication and Security Layer (SASL; RFC 4422) authentication mechanisms called the Salted Challenge Response Authentication Mechanism (SCRAM), which addresses the security concerns and meets the deployability requirements. When used in combination with TLS or an equivalent security layer, a mechanism from this family could improve the status quo for application protocol authentication and provide a suitable choice for a mandatory-to-implement mechanism for future application protocol standards. [STANDARDS-TRACK]
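As an added illustration of the salted challenge-response idea the abstract describes (example code written for this page, not taken from RFC 5802 or from any SCRAM implementation), the following Python walks one SCRAM-SHA-1 exchange: the server enrols only StoredKey and ServerKey, the client proves knowledge of the password with a proof bound to both nonces, and the client then authenticates the server in return. The password, salt, nonces and username are constructed sample values; the message layout assumed here follows the RFC's client-first / server-first / client-final structure.

```python
import base64
import hashlib
import hmac

# Constructed sample values for this example (not the RFC's own test vectors).
PASSWORD, SALT, ITERATIONS, CLIENT_NONCE, SERVER_NONCE = "pencil", b"constructed-salt", 4096, "cnonce-constructed", "snonce-constructed"

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def salted_keys(password, salt, iterations):
    """SaltedPassword = Hi(password, salt, i) (PBKDF2-HMAC-SHA-1); ClientKey and ServerKey are derived from it."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return client_key, server_key

def enroll(password, salt=SALT, iterations=ITERATIONS):
    """Server keeps StoredKey = H(ClientKey) and ServerKey; the password itself is never stored."""
    client_key, server_key = salted_keys(password, salt, iterations)
    return {"stored_key": hashlib.sha1(client_key).digest(), "server_key": server_key, "salt": salt, "iterations": iterations}

def build_auth_message(username, cnonce, snonce, salt, iterations):
    """AuthMessage = client-first-bare , server-first , client-final-without-proof ('c=biws' is base64 of 'n,,')."""
    client_first_bare = f"n={username},r={cnonce}"
    server_first = f"r={cnonce}{snonce},s={base64.b64encode(salt).decode()},i={iterations}"
    return f"{client_first_bare},{server_first},c=biws,r={cnonce}{snonce}"

def client_proof(password, auth_message, salt, iterations):
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); the proof is bound to this exchange's nonces."""
    client_key, _ = salted_keys(password, salt, iterations)
    stored_key = hashlib.sha1(client_key).digest()
    signature = hmac.new(stored_key, auth_message.encode(), hashlib.sha1).digest()
    return xor_bytes(client_key, signature)

def server_verify(record, auth_message, proof):
    """Unmask ClientKey from the proof and check H(ClientKey) == StoredKey in constant time."""
    signature = hmac.new(record["stored_key"], auth_message.encode(), hashlib.sha1).digest()
    recovered_client_key = xor_bytes(proof, signature)
    return hmac.compare_digest(hashlib.sha1(recovered_client_key).digest(), record["stored_key"])

def server_signature(record, auth_message):
    """ServerSignature = HMAC(ServerKey, AuthMessage), sent as v=... so the client can authenticate the server."""
    return hmac.new(record["server_key"], auth_message.encode(), hashlib.sha1).digest()

def client_verify_server(password, auth_message, salt, iterations, signature):
    # The client recomputes ServerSignature from its own ServerKey and compares in constant time.
    _, server_key = salted_keys(password, salt, iterations)
    expected = hmac.new(server_key, auth_message.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, signature)
```

Because the proof is a function of both nonces, a captured proof cannot be replayed in a later exchange, and a stolen StoredKey does not yield the password, which is the improvement over sending the clear-text password over TLS.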