rev |
line source |
yuuji@0
|
1
|
yuuji@0
|
2
|
yuuji@0
|
3
|
yuuji@0
|
4
|
yuuji@0
|
5
|
yuuji@0
|
6
|
yuuji@0
|
7 Network Working Group A. Melnikov, Ed.
|
yuuji@0
|
8 Request for Comments: 4422 Isode Limited
|
yuuji@0
|
9 Obsoletes: 2222 K. Zeilenga, Ed.
|
yuuji@0
|
10 Category: Standards Track OpenLDAP Foundation
|
yuuji@0
|
11 June 2006
|
yuuji@0
|
12
|
yuuji@0
|
13
|
yuuji@0
|
14 Simple Authentication and Security Layer (SASL)
|
yuuji@0
|
15
|
yuuji@0
|
16 Status of This Memo
|
yuuji@0
|
17
|
yuuji@0
|
18 This document specifies an Internet standards track protocol for the
|
yuuji@0
|
19 Internet community, and requests discussion and suggestions for
|
yuuji@0
|
20 improvements. Please refer to the current edition of the "Internet
|
yuuji@0
|
21 Official Protocol Standards" (STD 1) for the standardization state
|
yuuji@0
|
22 and status of this protocol. Distribution of this memo is unlimited.
|
yuuji@0
|
23
|
yuuji@0
|
24 Copyright Notice
|
yuuji@0
|
25
|
yuuji@0
|
26 Copyright (C) The Internet Society (2006).
|
yuuji@0
|
27
|
yuuji@0
|
28 Abstract
|
yuuji@0
|
29
|
yuuji@0
|
30 The Simple Authentication and Security Layer (SASL) is a framework
|
yuuji@0
|
31 for providing authentication and data security services in
|
yuuji@0
|
32 connection-oriented protocols via replaceable mechanisms. It
|
yuuji@0
|
33 provides a structured interface between protocols and mechanisms.
|
yuuji@0
|
34 The resulting framework allows new protocols to reuse existing
|
yuuji@0
|
35 mechanisms and allows old protocols to make use of new mechanisms.
|
yuuji@0
|
36 The framework also provides a protocol for securing subsequent
|
yuuji@0
|
37 protocol exchanges within a data security layer.
|
yuuji@0
|
38
|
yuuji@0
|
39 This document describes how a SASL mechanism is structured, describes
|
yuuji@0
|
40 how protocols include support for SASL, and defines the protocol for
|
yuuji@0
|
41 carrying a data security layer over a connection. In addition, this
|
yuuji@0
|
42 document defines one SASL mechanism, the EXTERNAL mechanism.
|
yuuji@0
|
43
|
yuuji@0
|
44 This document obsoletes RFC 2222.
|
yuuji@0
|
45
|
yuuji@0
|
46
|
yuuji@0
|
47
|
yuuji@0
|
48
|
yuuji@0
|
49
|
yuuji@0
|
50
|
yuuji@0
|
51
|
yuuji@0
|
52
|
yuuji@0
|
53
|
yuuji@0
|
54
|
yuuji@0
|
55
|
yuuji@0
|
56
|
yuuji@0
|
57
|
yuuji@0
|
58 Melnikov & Zeilenga Standards Track [Page 1]
|
yuuji@0
|
59
|
yuuji@0
|
60 RFC 4422 SASL June 2006
|
yuuji@0
|
61
|
yuuji@0
|
62
|
yuuji@0
|
63 Table of Contents
|
yuuji@0
|
64
|
yuuji@0
|
65 1. Introduction ....................................................3
|
yuuji@0
|
66 1.1. Document Audiences .........................................4
|
yuuji@0
|
67 1.2. Relationship to Other Documents ............................4
|
yuuji@0
|
68 1.3. Conventions ................................................5
|
yuuji@0
|
69 2. Identity Concepts ...............................................5
|
yuuji@0
|
70 3. The Authentication Exchange .....................................6
|
yuuji@0
|
71 3.1. Mechanism Naming ...........................................8
|
yuuji@0
|
72 3.2. Mechanism Negotiation ......................................9
|
yuuji@0
|
73 3.3. Request Authentication Exchange ............................9
|
yuuji@0
|
74 3.4. Challenges and Responses ...................................9
|
yuuji@0
|
75 3.4.1. Authorization Identity String ......................10
|
yuuji@0
|
76 3.5. Aborting Authentication Exchanges .........................10
|
yuuji@0
|
77 3.6. Authentication Outcome ....................................11
|
yuuji@0
|
78 3.7. Security Layers ...........................................12
|
yuuji@0
|
79 3.8. Multiple Authentications ..................................12
|
yuuji@0
|
80 4. Protocol Requirements ..........................................13
|
yuuji@0
|
81 5. Mechanism Requirements .........................................16
|
yuuji@0
|
82 6. Security Considerations ........................................18
|
yuuji@0
|
83 6.1. Active Attacks ............................................19
|
yuuji@0
|
84 6.1.1. Hijack Attacks .....................................19
|
yuuji@0
|
85 6.1.2. Downgrade Attacks ..................................19
|
yuuji@0
|
86 6.1.3. Replay Attacks .....................................20
|
yuuji@0
|
87 6.1.4. Truncation Attacks .................................20
|
yuuji@0
|
88 6.1.5. Other Active Attacks ...............................20
|
yuuji@0
|
89 6.2. Passive Attacks ...........................................20
|
yuuji@0
|
90 6.3. Re-keying .................................................21
|
yuuji@0
|
91 6.4. Other Considerations ......................................21
|
yuuji@0
|
92 7. IANA Considerations ............................................22
|
yuuji@0
|
93 7.1. SASL Mechanism Registry ...................................22
|
yuuji@0
|
94 7.2. Registration Changes ......................................26
|
yuuji@0
|
95 8. References .....................................................26
|
yuuji@0
|
96 8.1. Normative References ......................................26
|
yuuji@0
|
97 8.2. Informative References ....................................27
|
yuuji@0
|
98 9. Acknowledgements ...............................................28
|
yuuji@0
|
99 Appendix A. The SASL EXTERNAL Mechanism ..........................29
|
yuuji@0
|
100 A.1. EXTERNAL Technical Specification ..........................29
|
yuuji@0
|
101 A.2. SASL EXTERNAL Examples ....................................30
|
yuuji@0
|
102 A.3. Security Considerations ...................................31
|
yuuji@0
|
103 Appendix B. Changes since RFC 2222 ...............................31
|
yuuji@0
|
104
|
yuuji@0
|
105
|
yuuji@0
|
106
|
yuuji@0
|
107
|
yuuji@0
|
108
|
yuuji@0
|
109
|
yuuji@0
|
110
|
yuuji@0
|
111
|
yuuji@0
|
112
|
yuuji@0
|
113
|
yuuji@0
|
114 Melnikov & Zeilenga Standards Track [Page 2]
|
yuuji@0
|
115
|
yuuji@0
|
116 RFC 4422 SASL June 2006
|
yuuji@0
|
117
|
yuuji@0
|
118
|
yuuji@0
|
119 1. Introduction
|
yuuji@0
|
120
|
yuuji@0
|
121 The Simple Authentication and Security Layer (SASL) is a framework
|
yuuji@0
|
122 for providing authentication and data security services in
|
yuuji@0
|
123 connection-oriented protocols via replaceable mechanisms. SASL
|
yuuji@0
|
124 provides a structured interface between protocols and mechanisms.
|
yuuji@0
|
125 SASL also provides a protocol for securing subsequent protocol
|
yuuji@0
|
126 exchanges within a data security layer. The data security layer can
|
yuuji@0
|
127 provide data integrity, data confidentiality, and other services.
|
yuuji@0
|
128
|
yuuji@0
|
129 SASL's design is intended to allow new protocols to reuse existing
|
yuuji@0
|
130 mechanisms without requiring redesign of the mechanisms and allows
|
yuuji@0
|
131 existing protocols to make use of new mechanisms without redesign of
|
yuuji@0
|
132 protocols.
|
yuuji@0
|
133
|
yuuji@0
|
134 SASL is conceptually a framework that provides an abstraction layer
|
yuuji@0
|
135 between protocols and mechanisms as illustrated in the following
|
yuuji@0
|
136 diagram.
|
yuuji@0
|
137
|
yuuji@0
|
138 SMTP LDAP XMPP Other protocols ...
|
yuuji@0
|
139 \ | | /
|
yuuji@0
|
140 \ | | /
|
yuuji@0
|
141 SASL abstraction layer
|
yuuji@0
|
142 / | | \
|
yuuji@0
|
143 / | | \
|
yuuji@0
|
144 EXTERNAL GSSAPI PLAIN Other mechanisms ...
|
yuuji@0
|
145
|
yuuji@0
|
146 It is through the interfaces of this abstraction layer that the
|
yuuji@0
|
147 framework allows any protocol to utilize any mechanism. While this
|
yuuji@0
|
148 layer does generally hide the particulars of protocols from
|
yuuji@0
|
149 mechanisms and the particulars of mechanisms from protocols, this
|
yuuji@0
|
150 layer does not generally hide the particulars of mechanisms from
|
yuuji@0
|
151 protocol implementations. For example, different mechanisms require
|
yuuji@0
|
152 different information to operate, some of them use password-based
|
yuuji@0
|
153 authentication, some of then require realm information, others make
|
yuuji@0
|
154 use of Kerberos tickets, certificates, etc. Also, in order to
|
yuuji@0
|
155 perform authorization, server implementations generally have to
|
yuuji@0
|
156 implement identity mapping between authentication identities, whose
|
yuuji@0
|
157 form is mechanism specific, and authorization identities, whose form
|
yuuji@0
|
158 is application protocol specific. Section 2 discusses identity
|
yuuji@0
|
159 concepts.
|
yuuji@0
|
160
|
yuuji@0
|
161 It is possible to design and implement this framework in ways that do
|
yuuji@0
|
162 abstract away particulars of similar mechanisms. Such a framework
|
yuuji@0
|
163 implementation, as well as mechanisms implementations, could be
|
yuuji@0
|
164 designed not only to be shared by multiple implementations of a
|
yuuji@0
|
165 particular protocol but to be shared by implementations of multiple
|
yuuji@0
|
166 protocols.
|
yuuji@0
|
167
|
yuuji@0
|
168
|
yuuji@0
|
169
|
yuuji@0
|
170 Melnikov & Zeilenga Standards Track [Page 3]
|
yuuji@0
|
171
|
yuuji@0
|
172 RFC 4422 SASL June 2006
|
yuuji@0
|
173
|
yuuji@0
|
174
|
yuuji@0
|
175 The framework incorporates interfaces with both protocols and
|
yuuji@0
|
176 mechanisms in which authentication exchanges are carried out.
|
yuuji@0
|
177 Section 3 discusses SASL authentication exchanges.
|
yuuji@0
|
178
|
yuuji@0
|
179 To use SASL, each protocol (amongst other items) provides a method
|
yuuji@0
|
180 for identifying which mechanism is to be used, a method for exchange
|
yuuji@0
|
181 of mechanism-specific server-challenges and client-responses, and a
|
yuuji@0
|
182 method for communicating the outcome of the authentication exchange.
|
yuuji@0
|
183 Section 4 discusses SASL protocol requirements.
|
yuuji@0
|
184
|
yuuji@0
|
185 Each SASL mechanism defines (amongst other items) a series of
|
yuuji@0
|
186 server-challenges and client-responses that provide authentication
|
yuuji@0
|
187 services and negotiate data security services. Section 5 discusses
|
yuuji@0
|
188 SASL mechanism requirements.
|
yuuji@0
|
189
|
yuuji@0
|
190 Section 6 discusses security considerations. Section 7 discusses
|
yuuji@0
|
191 IANA considerations. Appendix A defines the SASL EXTERNAL mechanism.
|
yuuji@0
|
192
|
yuuji@0
|
193 1.1. Document Audiences
|
yuuji@0
|
194
|
yuuji@0
|
195 This document is written to serve several different audiences:
|
yuuji@0
|
196
|
yuuji@0
|
197 - protocol designers using this specification to support
|
yuuji@0
|
198 authentication in their protocol,
|
yuuji@0
|
199
|
yuuji@0
|
200 - mechanism designers that define new SASL mechanisms, and
|
yuuji@0
|
201
|
yuuji@0
|
202 - implementors of clients or servers for those protocols that
|
yuuji@0
|
203 support SASL.
|
yuuji@0
|
204
|
yuuji@0
|
205 While the document organization is intended to allow readers to focus
|
yuuji@0
|
206 on details relevant to their engineering, readers are encouraged to
|
yuuji@0
|
207 read and understand all aspects of this document.
|
yuuji@0
|
208
|
yuuji@0
|
209 1.2. Relationship to Other Documents
|
yuuji@0
|
210
|
yuuji@0
|
211 This document obsoletes RFC 2222. It replaces all portions of RFC
|
yuuji@0
|
212 2222 excepting sections 7.1 (the KERBEROS_IV mechanism), 7.2 (the
|
yuuji@0
|
213 GSSAPI mechanism), 7.3 (the SKEY mechanism). The KERBEROS_IV and
|
yuuji@0
|
214 SKEY mechanisms are now viewed as obsolete and their specifications
|
yuuji@0
|
215 provided in RFC 2222 are Historic. The GSSAPI mechanism is now
|
yuuji@0
|
216 separately specified [SASL-GSSAPI].
|
yuuji@0
|
217
|
yuuji@0
|
218 Appendix B provides a summary of changes since RFC 2222.
|
yuuji@0
|
219
|
yuuji@0
|
220
|
yuuji@0
|
221
|
yuuji@0
|
222
|
yuuji@0
|
223
|
yuuji@0
|
224
|
yuuji@0
|
225
|
yuuji@0
|
226 Melnikov & Zeilenga Standards Track [Page 4]
|
yuuji@0
|
227
|
yuuji@0
|
228 RFC 4422 SASL June 2006
|
yuuji@0
|
229
|
yuuji@0
|
230
|
yuuji@0
|
231 1.3. Conventions
|
yuuji@0
|
232
|
yuuji@0
|
233 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
yuuji@0
|
234 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
yuuji@0
|
235 document are to be interpreted as described in BCP 14 [RFC2119].
|
yuuji@0
|
236
|
yuuji@0
|
237 Character names in this document use the notation for code points and
|
yuuji@0
|
238 names from the Unicode Standard [Unicode]. For example, the letter
|
yuuji@0
|
239 "a" may be represented as either <U+0061> or <LATIN SMALL LETTER A>.
|
yuuji@0
|
240
|
yuuji@0
|
241 Note: a glossary of terms used in Unicode can be found in [Glossary].
|
yuuji@0
|
242 Information on the Unicode character encoding model can be found in
|
yuuji@0
|
243 [CharModel].
|
yuuji@0
|
244
|
yuuji@0
|
245 In examples, "C:" and "S:" indicate lines of data to be sent by the
|
yuuji@0
|
246 client and server, respectively. Lines have been wrapped for
|
yuuji@0
|
247 improved readability.
|
yuuji@0
|
248
|
yuuji@0
|
249 2. Identity Concepts
|
yuuji@0
|
250
|
yuuji@0
|
251 In practice, authentication and authorization may involve multiple
|
yuuji@0
|
252 identities, possibly in different forms (simple username, Kerberos
|
yuuji@0
|
253 principal, X.500 Distinguished Name, etc.), possibly with different
|
yuuji@0
|
254 representations (e.g., ABNF-described UTF-8 encoded Unicode character
|
yuuji@0
|
255 string, BER-encoded Distinguished Name). While technical
|
yuuji@0
|
256 specifications often prescribe both the identity form and
|
yuuji@0
|
257 representation used on the network, different identity forms and/or
|
yuuji@0
|
258 representations may be (and often are) used within implementations.
|
yuuji@0
|
259 How identities of different forms relate to each other is, generally,
|
yuuji@0
|
260 a local matter. In addition, the forms and representations used
|
yuuji@0
|
261 within an implementation are a local matter.
|
yuuji@0
|
262
|
yuuji@0
|
263 However, conceptually, the SASL framework involves two identities:
|
yuuji@0
|
264
|
yuuji@0
|
265 1) an identity associated with the authentication credentials
|
yuuji@0
|
266 (termed the authentication identity), and
|
yuuji@0
|
267
|
yuuji@0
|
268 2) an identity to act as (termed the authorization identity).
|
yuuji@0
|
269
|
yuuji@0
|
270 SASL mechanism specifications describe the credential form(s) (e.g.,
|
yuuji@0
|
271 X.509 certificates, Kerberos tickets, simple username/password) used
|
yuuji@0
|
272 to authenticate the client, including (where appropriate) the syntax
|
yuuji@0
|
273 and semantics of authentication identities carried in the
|
yuuji@0
|
274 credentials. SASL protocol specifications describe the identity
|
yuuji@0
|
275 form(s) used in authorization and, in particular, prescribe the
|
yuuji@0
|
276 syntax and semantics of the authorization identity character string
|
yuuji@0
|
277 to be transferred by mechanisms.
|
yuuji@0
|
278
|
yuuji@0
|
279
|
yuuji@0
|
280
|
yuuji@0
|
281
|
yuuji@0
|
282 Melnikov & Zeilenga Standards Track [Page 5]
|
yuuji@0
|
283
|
yuuji@0
|
284 RFC 4422 SASL June 2006
|
yuuji@0
|
285
|
yuuji@0
|
286
|
yuuji@0
|
287 The client provides its credentials (which include or imply an
|
yuuji@0
|
288 authentication identity) and, optionally, a character string
|
yuuji@0
|
289 representing the requested authorization identity as part of the SASL
|
yuuji@0
|
290 exchange. When this character string is omitted or empty, the client
|
yuuji@0
|
291 is requesting to act as the identity associated with the credentials
|
yuuji@0
|
292 (e.g., the user is requesting to act as the authentication identity).
|
yuuji@0
|
293
|
yuuji@0
|
294 The server is responsible for verifying the client's credentials and
|
yuuji@0
|
295 verifying that the identity it associates with the client's
|
yuuji@0
|
296 credentials (e.g., the authentication identity) is allowed to act as
|
yuuji@0
|
297 the authorization identity. A SASL exchange fails if either (or
|
yuuji@0
|
298 both) of these verifications fails. (The SASL exchange may fail for
|
yuuji@0
|
299 other reasons, such as service authorization failure.)
|
yuuji@0
|
300
|
yuuji@0
|
301 However, the precise form(s) of the authentication identities (used
|
yuuji@0
|
302 within the server in its verifications, or otherwise) and the precise
|
yuuji@0
|
303 form(s) of the authorization identities (used in making authorization
|
yuuji@0
|
304 decisions, or otherwise) are beyond the scope of SASL and this
|
yuuji@0
|
305 specification. In some circumstances, the precise identity forms
|
yuuji@0
|
306 used in some context outside of the SASL exchange may be dictated by
|
yuuji@0
|
307 other specifications. For instance, an identity assumption
|
yuuji@0
|
308 authorization (proxy authorization) policy specification may dictate
|
yuuji@0
|
309 how authentication and authorization identities are represented in
|
yuuji@0
|
310 policy statements.
|
yuuji@0
|
311
|
yuuji@0
|
312 3. The Authentication Exchange
|
yuuji@0
|
313
|
yuuji@0
|
314 Each authentication exchange consists of a message from the client to
|
yuuji@0
|
315 the server requesting authentication via a particular mechanism,
|
yuuji@0
|
316 followed by one or more pairs of challenges from the server and
|
yuuji@0
|
317 responses from the client, followed by a message from the server
|
yuuji@0
|
318 indicating the outcome of the authentication exchange. (Note:
|
yuuji@0
|
319 exchanges may also be aborted as discussed in Section 3.5.)
|
yuuji@0
|
320
|
yuuji@0
|
321 The following illustration provides a high-level overview of an
|
yuuji@0
|
322 authentication exchange.
|
yuuji@0
|
323
|
yuuji@0
|
324 C: Request authentication exchange
|
yuuji@0
|
325 S: Initial challenge
|
yuuji@0
|
326 C: Initial response
|
yuuji@0
|
327 <additional challenge/response messages>
|
yuuji@0
|
328 S: Outcome of authentication exchange
|
yuuji@0
|
329
|
yuuji@0
|
330 If the outcome is successful and a security layer was negotiated,
|
yuuji@0
|
331 this layer is then installed (see Section 3.7). This also applies to
|
yuuji@0
|
332 the following illustrations.
|
yuuji@0
|
333
|
yuuji@0
|
334
|
yuuji@0
|
335
|
yuuji@0
|
336
|
yuuji@0
|
337
|
yuuji@0
|
338 Melnikov & Zeilenga Standards Track [Page 6]
|
yuuji@0
|
339
|
yuuji@0
|
340 RFC 4422 SASL June 2006
|
yuuji@0
|
341
|
yuuji@0
|
342
|
yuuji@0
|
343 Some mechanisms specify that the first data sent in the
|
yuuji@0
|
344 authentication exchange is from the client to the server. Protocols
|
yuuji@0
|
345 may provide an optional initial response field in the request message
|
yuuji@0
|
346 to carry this data. Where the mechanism specifies that the first
|
yuuji@0
|
347 data sent in the exchange is from the client to the server, the
|
yuuji@0
|
348 protocol provides an optional initial response field, and the client
|
yuuji@0
|
349 uses this field, the exchange is shortened by one round-trip:
|
yuuji@0
|
350
|
yuuji@0
|
351 C: Request authentication exchange + Initial response
|
yuuji@0
|
352 <additional challenge/response messages>
|
yuuji@0
|
353 S: Outcome of authentication exchange
|
yuuji@0
|
354
|
yuuji@0
|
355 Where the mechanism specifies that the first data sent in the
|
yuuji@0
|
356 exchange is from the client to the server and this field is
|
yuuji@0
|
357 unavailable or unused, the client request is followed by an empty
|
yuuji@0
|
358 challenge.
|
yuuji@0
|
359
|
yuuji@0
|
360 C: Request authentication exchange
|
yuuji@0
|
361 S: Empty Challenge
|
yuuji@0
|
362 C: Initial Response
|
yuuji@0
|
363 <additional challenge/response messages>
|
yuuji@0
|
364 S: Outcome of authentication exchange
|
yuuji@0
|
365
|
yuuji@0
|
366 Should a client include an initial response in its request where the
|
yuuji@0
|
367 mechanism does not allow the client to send data first, the
|
yuuji@0
|
368 authentication exchange fails.
|
yuuji@0
|
369
|
yuuji@0
|
370 Some mechanisms specify that the server is to send additional data to
|
yuuji@0
|
371 the client when indicating a successful outcome. Protocols may
|
yuuji@0
|
372 provide an optional additional data field in the outcome message to
|
yuuji@0
|
373 carry this data. Where the mechanism specifies that the server is to
|
yuuji@0
|
374 return additional data with the successful outcome, the protocol
|
yuuji@0
|
375 provides an optional additional data field in the outcome message,
|
yuuji@0
|
376 and the server uses this field, the exchange is shortened by one
|
yuuji@0
|
377 round-trip:
|
yuuji@0
|
378
|
yuuji@0
|
379 C: Request authentication exchange
|
yuuji@0
|
380 S: Initial challenge
|
yuuji@0
|
381 C: Initial response
|
yuuji@0
|
382 <additional challenge/response messages>
|
yuuji@0
|
383 S: Outcome of authentication exchange with
|
yuuji@0
|
384 additional data with success
|
yuuji@0
|
385
|
yuuji@0
|
386 Where the mechanism specifies that the server is to return additional
|
yuuji@0
|
387 data to the client with a successful outcome and this field is
|
yuuji@0
|
388 unavailable or unused, the additional data is sent as a challenge
|
yuuji@0
|
389 whose response is empty. After receiving this response, the server
|
yuuji@0
|
390 then indicates the successful outcome.
|
yuuji@0
|
391
|
yuuji@0
|
392
|
yuuji@0
|
393
|
yuuji@0
|
394 Melnikov & Zeilenga Standards Track [Page 7]
|
yuuji@0
|
395
|
yuuji@0
|
396 RFC 4422 SASL June 2006
|
yuuji@0
|
397
|
yuuji@0
|
398
|
yuuji@0
|
399 C: Request authentication exchange
|
yuuji@0
|
400 S: Initial challenge
|
yuuji@0
|
401 C: Initial response
|
yuuji@0
|
402 <additional challenge/response messages>
|
yuuji@0
|
403 S: Additional data challenge
|
yuuji@0
|
404 C: Empty Response
|
yuuji@0
|
405 S: Outcome of authentication exchange
|
yuuji@0
|
406
|
yuuji@0
|
407 Where mechanisms specify that the first data sent in the exchange is
|
yuuji@0
|
408 from the client to the server and additional data is sent to the
|
yuuji@0
|
409 client along with indicating a successful outcome, and the protocol
|
yuuji@0
|
410 provides fields supporting both, then the exchange takes two fewer
|
yuuji@0
|
411 round-trips:
|
yuuji@0
|
412
|
yuuji@0
|
413 C: Request authentication exchange + Initial response
|
yuuji@0
|
414 <additional challenge/response messages>
|
yuuji@0
|
415 S: Outcome of authentication exchange
|
yuuji@0
|
416 with additional data with success
|
yuuji@0
|
417
|
yuuji@0
|
418 instead of:
|
yuuji@0
|
419
|
yuuji@0
|
420 C: Request authentication exchange
|
yuuji@0
|
421 S: Empty Challenge
|
yuuji@0
|
422 C: Initial Response
|
yuuji@0
|
423 <additional challenge/response messages>
|
yuuji@0
|
424 S: Additional data challenge
|
yuuji@0
|
425 C: Empty Response
|
yuuji@0
|
426 S: Outcome of authentication exchange
|
yuuji@0
|
427
|
yuuji@0
|
428 3.1. Mechanism Naming
|
yuuji@0
|
429
|
yuuji@0
|
430 SASL mechanisms are named by character strings, from 1 to 20
|
yuuji@0
|
431 characters in length, consisting of ASCII [ASCII] uppercase letters,
|
yuuji@0
|
432 digits, hyphens, and/or underscores. In the following Augmented
|
yuuji@0
|
433 Backus-Naur Form (ABNF) [RFC4234] grammar, the <sasl-mech> production
|
yuuji@0
|
434 defines the syntax of a SASL mechanism name.
|
yuuji@0
|
435
|
yuuji@0
|
436 sasl-mech = 1*20mech-char
|
yuuji@0
|
437 mech-char = UPPER-ALPHA / DIGIT / HYPHEN / UNDERSCORE
|
yuuji@0
|
438 ; mech-char is restricted to A-Z (uppercase only), 0-9, -, and _
|
yuuji@0
|
439 ; from ASCII character set.
|
yuuji@0
|
440
|
yuuji@0
|
441 UPPER-ALPHA = %x41-5A ; A-Z (uppercase only)
|
yuuji@0
|
442 DIGIT = %x30-39 ; 0-9
|
yuuji@0
|
443 HYPHEN = %x2D ; hyphen (-)
|
yuuji@0
|
444 UNDERSCORE = %x5F ; underscore (_)
|
yuuji@0
|
445
|
yuuji@0
|
446 SASL mechanism names are registered as discussed in Section 7.1.
|
yuuji@0
|
447
|
yuuji@0
|
448
|
yuuji@0
|
449
|
yuuji@0
|
450 Melnikov & Zeilenga Standards Track [Page 8]
|
yuuji@0
|
451
|
yuuji@0
|
452 RFC 4422 SASL June 2006
|
yuuji@0
|
453
|
yuuji@0
|
454
|
yuuji@0
|
455 3.2. Mechanism Negotiation
|
yuuji@0
|
456
|
yuuji@0
|
457 Mechanism negotiation is protocol specific.
|
yuuji@0
|
458
|
yuuji@0
|
459 Commonly, a protocol will specify that the server advertises
|
yuuji@0
|
460 supported and available mechanisms to the client via some facility
|
yuuji@0
|
461 provided by the protocol, and the client will then select the "best"
|
yuuji@0
|
462 mechanism from this list that it supports and finds suitable.
|
yuuji@0
|
463
|
yuuji@0
|
464 Note that the mechanism negotiation is not protected by the
|
yuuji@0
|
465 subsequent authentication exchange and hence is subject to downgrade
|
yuuji@0
|
466 attacks if not protected by other means.
|
yuuji@0
|
467
|
yuuji@0
|
468 To detect downgrade attacks, a protocol can allow the client to
|
yuuji@0
|
469 discover available mechanisms subsequent to the authentication
|
yuuji@0
|
470 exchange and installation of data security layers with at least data
|
yuuji@0
|
471 integrity protection. This allows the client to detect changes to
|
yuuji@0
|
472 the list of mechanisms supported by the server.
|
yuuji@0
|
473
|
yuuji@0
|
474 3.3. Request Authentication Exchange
|
yuuji@0
|
475
|
yuuji@0
|
476 The authentication exchange is initiated by the client by requesting
|
yuuji@0
|
477 authentication via a mechanism it specifies. The client sends a
|
yuuji@0
|
478 message that contains the name of the mechanism to the server. The
|
yuuji@0
|
479 particulars of the message are protocol specific.
|
yuuji@0
|
480
|
yuuji@0
|
481 Note that the name of the mechanism is not protected by the
|
yuuji@0
|
482 mechanism, and hence is subject to alteration by an attacker if not
|
yuuji@0
|
483 integrity protected by other means.
|
yuuji@0
|
484
|
yuuji@0
|
485 Where the mechanism is defined to allow the client to send data
|
yuuji@0
|
486 first, and the protocol's request message includes an optional
|
yuuji@0
|
487 initial response field, the client may include the response to the
|
yuuji@0
|
488 initial challenge in the authentication request message.
|
yuuji@0
|
489
|
yuuji@0
|
490 3.4. Challenges and Responses
|
yuuji@0
|
491
|
yuuji@0
|
492 The authentication exchange involves one or more pairs of server-
|
yuuji@0
|
493 challenges and client-responses, the particulars of which are
|
yuuji@0
|
494 mechanism specific. These challenges and responses are enclosed in
|
yuuji@0
|
495 protocol messages, the particulars of which are protocol specific.
|
yuuji@0
|
496
|
yuuji@0
|
497 Through these challenges and responses, the mechanism may:
|
yuuji@0
|
498
|
yuuji@0
|
499 - authenticate the client to the server,
|
yuuji@0
|
500
|
yuuji@0
|
501 - authenticate the server to the client,
|
yuuji@0
|
502
|
yuuji@0
|
503
|
yuuji@0
|
504
|
yuuji@0
|
505
|
yuuji@0
|
506 Melnikov & Zeilenga Standards Track [Page 9]
|
yuuji@0
|
507
|
yuuji@0
|
508 RFC 4422 SASL June 2006
|
yuuji@0
|
509
|
yuuji@0
|
510
|
yuuji@0
|
511 - transfer an authorization identity string,
|
yuuji@0
|
512
|
yuuji@0
|
513 - negotiate a security layer, and
|
yuuji@0
|
514
|
yuuji@0
|
515 - provide other services.
|
yuuji@0
|
516
|
yuuji@0
|
517 The negotiation of the security layer may involve negotiation of the
|
yuuji@0
|
518 security services to be provided in the layer, how these services
|
yuuji@0
|
519 will be provided, and negotiation of a maximum cipher-text buffer
|
yuuji@0
|
520 size each side is able to receive in the layer (see Section 3.6).
|
yuuji@0
|
521
|
yuuji@0
|
522 After receiving an authentication request or any client response, the
|
yuuji@0
|
523 server may issue a challenge, abort the exchange, or indicate the
|
yuuji@0
|
524 outcome of an exchange. After receiving a challenge, a client
|
yuuji@0
|
525 mechanism may issue a response or abort the exchange.
|
yuuji@0
|
526
|
yuuji@0
|
527 3.4.1. Authorization Identity String
|
yuuji@0
|
528
|
yuuji@0
|
529 The authorization identity string is a sequence of zero or more
|
yuuji@0
|
530 Unicode [Unicode] characters, excluding the NUL (U+0000) character,
|
yuuji@0
|
531 representing the identity to act as.
|
yuuji@0
|
532
|
yuuji@0
|
533 If the authorization identity string is absent, the client is
|
yuuji@0
|
534 requesting to act as the identity the server associates with the
|
yuuji@0
|
535 client's credentials. An empty string is equivalent to an absent
|
yuuji@0
|
536 authorization identity.
|
yuuji@0
|
537
|
yuuji@0
|
538 A non-empty authorization identity string indicates that the client
|
yuuji@0
|
539 wishes to act as the identity represented by the string. In this
|
yuuji@0
|
540 case, the form of identity represented by the string, as well as the
|
yuuji@0
|
541 precise syntax and semantics of the string, is protocol specific.
|
yuuji@0
|
542
|
yuuji@0
|
543 While the character encoding schema used to transfer the
|
yuuji@0
|
544 authorization identity string in the authentication exchange is
|
yuuji@0
|
545 mechanism specific, mechanisms are expected to be capable of carrying
|
yuuji@0
|
546 the entire Unicode repertoire (with the exception of the NUL
|
yuuji@0
|
547 character).
|
yuuji@0
|
548
|
yuuji@0
|
549 3.5. Aborting Authentication Exchanges
|
yuuji@0
|
550
|
yuuji@0
|
551 A client or server may desire to abort an authentication exchange if
|
yuuji@0
|
552 it is unwilling or unable to continue (or enter into).
|
yuuji@0
|
553
|
yuuji@0
|
554 A client may abort the authentication exchange by sending a message,
|
yuuji@0
|
555 the particulars of which are protocol specific, to the server,
|
yuuji@0
|
556 indicating that the exchange is aborted. The server may be required
|
yuuji@0
|
557 by the protocol to return a message in response to the client's abort
|
yuuji@0
|
558 message.
|
yuuji@0
|
559
|
yuuji@0
|
560
|
yuuji@0
|
561
|
yuuji@0
|
562 Melnikov & Zeilenga Standards Track [Page 10]
|
yuuji@0
|
563
|
yuuji@0
|
564 RFC 4422 SASL June 2006
|
yuuji@0
|
565
|
yuuji@0
|
566
|
yuuji@0
|
567 Likewise, a server may abort the authentication exchange by sending a
|
yuuji@0
|
568 message, the particulars of which are protocol specific, to the
|
yuuji@0
|
569 client, indicating that the exchange is aborted.
|
yuuji@0
|
570
|
yuuji@0
|
571 3.6. Authentication Outcome
|
yuuji@0
|
572
|
yuuji@0
|
573 At the conclusion of the authentication exchange, the server sends a
|
yuuji@0
|
574 message, the particulars of which are protocol specific, to the
|
yuuji@0
|
575 client indicating the outcome of the exchange.
|
yuuji@0
|
576
|
yuuji@0
|
577 The outcome is not successful if
|
yuuji@0
|
578
|
yuuji@0
|
579 - the authentication exchange failed for any reason,
|
yuuji@0
|
580
|
yuuji@0
|
581 - the client's credentials could not be verified,
|
yuuji@0
|
582
|
yuuji@0
|
583 - the server cannot associate an identity with the client's
|
yuuji@0
|
584 credentials,
|
yuuji@0
|
585
|
yuuji@0
|
586 - the client-provided authorization identity string is malformed,
|
yuuji@0
|
587
|
yuuji@0
|
588 - the identity associated with the client's credentials is not
|
yuuji@0
|
589 authorized to act as the requested authorization identity,
|
yuuji@0
|
590
|
yuuji@0
|
591 - the negotiated security layer (or lack thereof) is not
|
yuuji@0
|
592 suitable, or
|
yuuji@0
|
593
|
yuuji@0
|
594 - the server is not willing to provide service to the client for
|
yuuji@0
|
595 any reason.
|
yuuji@0
|
596
|
yuuji@0
|
597 The protocol may include an optional additional data field in this
|
yuuji@0
|
598 outcome message. This field can only include additional data when
|
yuuji@0
|
599 the outcome is successful.
|
yuuji@0
|
600
|
yuuji@0
|
601 If the outcome is successful and a security layer was negotiated,
|
yuuji@0
|
602 this layer is then installed. If the outcome is unsuccessful, or a
|
yuuji@0
|
603 security layer was not negotiated, any existing security is left in
|
yuuji@0
|
604 place.
|
yuuji@0
|
605
|
yuuji@0
|
606 The outcome message provided by the server can provide a way for the
|
yuuji@0
|
607 client to distinguish between errors that are best dealt with by re-
|
yuuji@0
|
608 prompting the user for her credentials, errors that are best dealt
|
yuuji@0
|
609 with by telling the user to try again later, and errors where the
|
yuuji@0
|
610 user must contact a system administrator for resolution (see the SYS
|
yuuji@0
|
611 and AUTH POP Response Codes [RFC3206] specification for an example).
|
yuuji@0
|
612 This distinction is particularly useful during scheduled server
|
yuuji@0
|
613 maintenance periods as it reduces support costs. It is also
|
yuuji@0
|
614 important that the server can be configured such that the outcome
|
yuuji@0
|
615
|
yuuji@0
|
616
|
yuuji@0
|
617
|
yuuji@0
|
618 Melnikov & Zeilenga Standards Track [Page 11]
|
yuuji@0
|
619
|
yuuji@0
|
620 RFC 4422 SASL June 2006
|
yuuji@0
|
621
|
yuuji@0
|
622
|
yuuji@0
|
623 message will not distinguish between a valid user with invalid
|
yuuji@0
|
624 credentials and an invalid user.
|
yuuji@0
|
625
|
yuuji@0
|
626 3.7. Security Layers
|
yuuji@0
|
627
|
yuuji@0
|
628 SASL mechanisms may offer a wide range of services in security
|
yuuji@0
|
629 layers. Typical services include data integrity and data
|
yuuji@0
|
630 confidentiality. SASL mechanisms that do not provide a security
|
yuuji@0
|
631 layer are treated as negotiating no security layer.
|
yuuji@0
|
632
|
yuuji@0
|
633 If use of a security layer is negotiated in the authentication
|
yuuji@0
|
634 protocol exchange, the layer is installed by the server after
|
yuuji@0
|
635 indicating the outcome of the authentication exchange and installed
|
yuuji@0
|
636 by the client upon receipt of the outcome indication. In both cases,
|
yuuji@0
|
637 the layer is installed before transfer of further protocol data. The
|
yuuji@0
|
638 precise position upon which the layer takes effect in the protocol
|
yuuji@0
|
639 data stream is protocol specific.
|
yuuji@0
|
640
|
yuuji@0
|
641 Once the security layer is in effect in the protocol data stream, it
|
yuuji@0
|
642 remains in effect until either a subsequently negotiated security
|
yuuji@0
|
643 layer is installed or the underlying transport connection is closed.
|
yuuji@0
|
644
|
yuuji@0
|
645 When in effect, the security layer processes protocol data into
|
yuuji@0
|
646 buffers of protected data. If at any time the security layer is
|
yuuji@0
|
647 unable or unwilling to continue producing buffers protecting protocol
|
yuuji@0
|
648 data, the underlying transport connection MUST be closed. If the
|
yuuji@0
|
649 security layer is not able to decode a received buffer, the
|
yuuji@0
|
650 underlying connection MUST be closed. In both cases, the underlying
|
yuuji@0
|
651 transport connection SHOULD be closed gracefully.
|
yuuji@0
|
652
|
yuuji@0
|
653 Each buffer of protected data is transferred over the underlying
|
yuuji@0
|
654 transport connection as a sequence of octets prepended with a four-
|
yuuji@0
|
655 octet field in network byte order that represents the length of the
|
yuuji@0
|
656 buffer. The length of the protected data buffer MUST be no larger
|
yuuji@0
|
657 than the maximum size that the other side expects. Upon the receipt
|
yuuji@0
|
658 of a length field whose value is greater than the maximum size, the
|
yuuji@0
|
659 receiver SHOULD close the connection, as this might be a sign of an
|
yuuji@0
|
660 attack.
|
yuuji@0
|
661
|
yuuji@0
|
662 The maximum size that each side expects is fixed by the mechanism,
|
yuuji@0
|
663 either through negotiation or by its specification.
|
yuuji@0
|
664
|
yuuji@0
|
665 3.8. Multiple Authentications
|
yuuji@0
|
666
|
yuuji@0
|
667 Unless explicitly permitted in the protocol (as stated in the
|
yuuji@0
|
668 protocol's technical specification), only one successful SASL
|
yuuji@0
|
669 authentication exchange may occur in a protocol session. In this
|
yuuji@0
|
670
|
yuuji@0
|
671
|
yuuji@0
|
672
|
yuuji@0
|
673
|
yuuji@0
|
674 Melnikov & Zeilenga Standards Track [Page 12]
|
yuuji@0
|
675
|
yuuji@0
|
676 RFC 4422 SASL June 2006
|
yuuji@0
|
677
|
yuuji@0
|
678
|
yuuji@0
|
679 case, once an authentication exchange has successfully completed,
|
yuuji@0
|
680 further attempts to initiate an authentication exchange fail.
|
yuuji@0
|
681
|
yuuji@0
|
682 Where multiple successful SASL authentication exchanges are permitted
|
yuuji@0
|
683 in the protocol, then in no case may multiple SASL security layers be
|
yuuji@0
|
684 simultaneously in effect. If a security layer is in effect and a
|
yuuji@0
|
685 subsequent SASL negotiation selects a second security layer, then the
|
yuuji@0
|
686 second security layer replaces the first. If a security layer is in
|
yuuji@0
|
687 effect and a subsequent SASL negotiation selects no security layer,
|
yuuji@0
|
688 the original security layer remains in effect.
|
yuuji@0
|
689
|
yuuji@0
|
690 Where multiple successful SASL negotiations are permitted in the
|
yuuji@0
|
691 protocol, the effect of a failed SASL authentication exchange upon
|
yuuji@0
|
692 the previously established authentication and authorization state is
|
yuuji@0
|
693 protocol specific. The protocol's technical specification should be
|
yuuji@0
|
694 consulted to determine whether the previous authentication and
|
yuuji@0
|
695 authorization state remains in force, or changed to an anonymous
|
yuuji@0
|
696 state, or otherwise was affected. Regardless of the protocol-
|
yuuji@0
|
697 specific effect upon previously established authentication and
|
yuuji@0
|
698 authorization state, the previously negotiated security layer remains
|
yuuji@0
|
699 in effect.
|
yuuji@0
|
700
|
yuuji@0
|
701 4. Protocol Requirements
|
yuuji@0
|
702
|
yuuji@0
|
703 In order for a protocol to offer SASL services, its specification
|
yuuji@0
|
704 MUST supply the following information:
|
yuuji@0
|
705
|
yuuji@0
|
706 1) A service name, to be selected from registry of "service" elements
|
yuuji@0
|
707 for the Generic Security Service Application Program Interface
|
yuuji@0
|
708 (GSSAPI) host-based service name form, as described in Section 4.1
|
yuuji@0
|
709 of [RFC2743]. Note that this registry is shared by all GSSAPI and
|
yuuji@0
|
710 SASL mechanisms.
|
yuuji@0
|
711
|
yuuji@0
|
712 2) Detail any mechanism negotiation facility that the protocol
|
yuuji@0
|
713 provides (see Section 3.2).
|
yuuji@0
|
714
|
yuuji@0
|
715 A protocol SHOULD specify a facility through which the client may
|
yuuji@0
|
716 discover, both before initiation of the SASL exchange and after
|
yuuji@0
|
717 installing security layers negotiated by the exchange, the names
|
yuuji@0
|
718 of the SASL mechanisms that the server makes available to the
|
yuuji@0
|
719 client. The latter is important to allow the client to detect
|
yuuji@0
|
720 downgrade attacks. This facility is typically provided through
|
yuuji@0
|
721 the protocol's extensions or capabilities discovery facility.
|
yuuji@0
|
722
|
yuuji@0
|
723 3) Definition of the messages necessary for authentication exchange,
|
yuuji@0
|
724 including the following:
|
yuuji@0
|
725
|
yuuji@0
|
726
|
yuuji@0
|
727
|
yuuji@0
|
728
|
yuuji@0
|
729
|
yuuji@0
|
730 Melnikov & Zeilenga Standards Track [Page 13]
|
yuuji@0
|
731
|
yuuji@0
|
732 RFC 4422 SASL June 2006
|
yuuji@0
|
733
|
yuuji@0
|
734
|
yuuji@0
|
735 a) A message to initiate the authentication exchange (see Section
|
yuuji@0
|
736 3.3).
|
yuuji@0
|
737
|
yuuji@0
|
738 This message MUST contain a field for carrying the name of the
|
yuuji@0
|
739 mechanism selected by the client.
|
yuuji@0
|
740
|
yuuji@0
|
741 This message SHOULD contain an optional field for carrying an
|
yuuji@0
|
742 initial response. If the message is defined with this field,
|
yuuji@0
|
743 the specification MUST describe how messages with an empty
|
yuuji@0
|
744 initial response are distinguished from messages with no
|
yuuji@0
|
745 initial response. This field MUST be capable of carrying
|
yuuji@0
|
746 arbitrary sequences of octets (including zero-length sequences
|
yuuji@0
|
747 and sequences containing zero-valued octets).
|
yuuji@0
|
748
|
yuuji@0
|
749 b) Messages to transfer server challenges and client responses
|
yuuji@0
|
750 (see Section 3.4).
|
yuuji@0
|
751
|
yuuji@0
|
752 Each of these messages MUST be capable of carrying arbitrary
|
yuuji@0
|
753 sequences of octets (including zero-length sequences and
|
yuuji@0
|
754 sequences containing zero-valued octets).
|
yuuji@0
|
755
|
yuuji@0
|
756 c) A message to indicate the outcome of the authentication
|
yuuji@0
|
757 exchange (see Section 3.6).
|
yuuji@0
|
758
|
yuuji@0
|
759 This message SHOULD contain an optional field for carrying
|
yuuji@0
|
760 additional data with a successful outcome. If the message is
|
yuuji@0
|
761 defined with this field, the specification MUST describe how
|
yuuji@0
|
762 messages with an empty additional data are distinguished from
|
yuuji@0
|
763 messages with no additional data. This field MUST be capable
|
yuuji@0
|
764 of carrying arbitrary sequences of octets (including zero-
|
yuuji@0
|
765 length sequences and sequences containing zero-valued octets).
|
yuuji@0
|
766
|
yuuji@0
|
767 4) Prescribe the syntax and semantics of non-empty authorization
|
yuuji@0
|
768 identity strings (see Section 3.4.1).
|
yuuji@0
|
769
|
yuuji@0
|
770 In order to avoid interoperability problems due to differing
|
yuuji@0
|
771 normalizations, the protocol specification MUST detail precisely
|
yuuji@0
|
772 how and where (client or server) non-empty authorization identity
|
yuuji@0
|
773 strings are prepared, including all normalizations, for comparison
|
yuuji@0
|
774 and other applicable functions to ensure proper function.
|
yuuji@0
|
775
|
yuuji@0
|
776 Specifications are encouraged to prescribe use of existing
|
yuuji@0
|
777 authorization identity forms as well as existing string
|
yuuji@0
|
778 representations, such as simple user names [RFC4013].
|
yuuji@0
|
779
|
yuuji@0
|
780 Where the specification does not precisely prescribe how
|
yuuji@0
|
781 identities in SASL relate to identities used elsewhere in the
|
yuuji@0
|
782 protocol, for instance, in access control policy statements, it
|
yuuji@0
|
783
|
yuuji@0
|
784
|
yuuji@0
|
785
|
yuuji@0
|
786 Melnikov & Zeilenga Standards Track [Page 14]
|
yuuji@0
|
787
|
yuuji@0
|
788 RFC 4422 SASL June 2006
|
yuuji@0
|
789
|
yuuji@0
|
790
|
yuuji@0
|
791 may be appropriate for the protocol to provide a facility by which
|
yuuji@0
|
792 the client can discover information (such as the representation of
|
yuuji@0
|
793 the identity used in making access control decisions) about
|
yuuji@0
|
794 established identities for these uses.
|
yuuji@0
|
795
|
yuuji@0
|
796 5) Detail any facility the protocol provides that allows the client
|
yuuji@0
|
797 and/or server to abort authentication exchange (see Section 3.5).
|
yuuji@0
|
798
|
yuuji@0
|
799 Protocols that support multiple authentications typically allow a
|
yuuji@0
|
800 client to abort an ongoing authentication exchange by initiating a
|
yuuji@0
|
801 new authentication exchange. Protocols that do not support
|
yuuji@0
|
802 multiple authentications may require the client to close the
|
yuuji@0
|
803 connection and start over to abort an ongoing authentication
|
yuuji@0
|
804 exchange.
|
yuuji@0
|
805
|
yuuji@0
|
806 Protocols typically allow the server to abort ongoing
|
yuuji@0
|
807 authentication exchanges by returning a non-successful outcome
|
yuuji@0
|
808 message.
|
yuuji@0
|
809
|
yuuji@0
|
810 6) Identify precisely where newly negotiated security layers start to
|
yuuji@0
|
811 take effect, in both directions (see Section 3.7).
|
yuuji@0
|
812
|
yuuji@0
|
813 Typically, specifications require security layers to start taking
|
yuuji@0
|
814 effect on the first octet following the outcome message in data
|
yuuji@0
|
815 being sent by the server and on the first octet sent after receipt
|
yuuji@0
|
816 of the outcome message in data being sent by the client.
|
yuuji@0
|
817
|
yuuji@0
|
818 7) If the protocol supports other layered security services, such as
|
yuuji@0
|
819 Transport Layer Security (TLS) [RFC4346], the specification MUST
|
yuuji@0
|
820 prescribe the order in which security layers are applied to
|
yuuji@0
|
821 protocol data.
|
yuuji@0
|
822
|
yuuji@0
|
823 For instance, where a protocol supports both TLS and SASL security
|
yuuji@0
|
824 layers, the specification could prescribe any of the following:
|
yuuji@0
|
825
|
yuuji@0
|
826 a) SASL security layer is always applied first to data being sent
|
yuuji@0
|
827 and, hence, applied last to received data,
|
yuuji@0
|
828
|
yuuji@0
|
829 b) SASL security layer is always applied last to data being sent
|
yuuji@0
|
830 and, hence, applied first to received data,
|
yuuji@0
|
831
|
yuuji@0
|
832 c) Layers are applied in the order in which they were installed,
|
yuuji@0
|
833
|
yuuji@0
|
834 d) Layers are applied in the reverse order in which they were
|
yuuji@0
|
835 installed, or
|
yuuji@0
|
836
|
yuuji@0
|
837 e) Both TLS and SASL security layers cannot be installed.
|
yuuji@0
|
838
|
yuuji@0
|
839
|
yuuji@0
|
840
|
yuuji@0
|
841
|
yuuji@0
|
842 Melnikov & Zeilenga Standards Track [Page 15]
|
yuuji@0
|
843
|
yuuji@0
|
844 RFC 4422 SASL June 2006
|
yuuji@0
|
845
|
yuuji@0
|
846
|
yuuji@0
|
847 8) Indicate whether the protocol supports multiple authentications
|
yuuji@0
|
848 (see Section 3.8). If so, the protocol MUST detail the effect a
|
yuuji@0
|
849 failed SASL authentication exchange will have upon a previously
|
yuuji@0
|
850 established authentication and authorization state.
|
yuuji@0
|
851
|
yuuji@0
|
852 Protocol specifications SHOULD avoid stating implementation
|
yuuji@0
|
853 requirements that would hinder replacement of applicable mechanisms.
|
yuuji@0
|
854 In general, protocol specifications SHOULD be mechanism neutral.
|
yuuji@0
|
855 There are a number of reasonable exceptions to this recommendation,
|
yuuji@0
|
856 including
|
yuuji@0
|
857
|
yuuji@0
|
858 - detailing how credentials (which are mechanism specific) are
|
yuuji@0
|
859 managed in the protocol,
|
yuuji@0
|
860
|
yuuji@0
|
861 - detailing how authentication identities (which are mechanism
|
yuuji@0
|
862 specific) and authorization identities (which are protocol
|
yuuji@0
|
863 specific) relate to each other, and
|
yuuji@0
|
864
|
yuuji@0
|
865 - detailing which mechanisms are applicable to the protocol.
|
yuuji@0
|
866
|
yuuji@0
|
867 5. Mechanism Requirements
|
yuuji@0
|
868
|
yuuji@0
|
869 SASL mechanism specifications MUST supply the following information:
|
yuuji@0
|
870
|
yuuji@0
|
871 1) The name of the mechanism (see Section 3.1). This name MUST be
|
yuuji@0
|
872 registered as discussed in Section 7.1.
|
yuuji@0
|
873
|
yuuji@0
|
874 2) A definition of the server-challenges and client-responses of the
|
yuuji@0
|
875 authentication exchange, as well as the following:
|
yuuji@0
|
876
|
yuuji@0
|
877 a) An indication of whether the mechanism is client-first,
|
yuuji@0
|
878 variable, or server-first. If a SASL mechanism is defined as
|
yuuji@0
|
879 client-first and the client does not send an initial response
|
yuuji@0
|
880 in the authentication request, then the first server challenge
|
yuuji@0
|
881 MUST be empty (the EXTERNAL mechanism is an example of this
|
yuuji@0
|
882 case). If a SASL mechanism is defined as variable, then the
|
yuuji@0
|
883 specification needs to state how the server behaves when the
|
yuuji@0
|
884 initial client response in the authentication request is
|
yuuji@0
|
885 omitted (the DIGEST-MD5 mechanism [DIGEST-MD5] is an example of
|
yuuji@0
|
886 this case). If a SASL mechanism is defined as server-first,
|
yuuji@0
|
887 then the client MUST NOT send an initial client response in the
|
yuuji@0
|
888 authentication request (the CRAM-MD5 mechanism [CRAM-MD5] is an
|
yuuji@0
|
889 example of this case).
|
yuuji@0
|
890
|
yuuji@0
|
891 b) An indication of whether the server is expected to provide
|
yuuji@0
|
892 additional data when indicating a successful outcome. If so,
|
yuuji@0
|
893 if the server sends the additional data as a challenge, the
|
yuuji@0
|
894
|
yuuji@0
|
895
|
yuuji@0
|
896
|
yuuji@0
|
897
|
yuuji@0
|
898 Melnikov & Zeilenga Standards Track [Page 16]
|
yuuji@0
|
899
|
yuuji@0
|
900 RFC 4422 SASL June 2006
|
yuuji@0
|
901
|
yuuji@0
|
902
|
yuuji@0
|
903 specification MUST indicate that the response to this challenge
|
yuuji@0
|
904 is an empty response.
|
yuuji@0
|
905
|
yuuji@0
|
906 SASL mechanisms SHOULD be designed to minimize the number of
|
yuuji@0
|
907 challenges and responses necessary to complete the exchange.
|
yuuji@0
|
908
|
yuuji@0
|
909 3) An indication of whether the mechanism is capable of transferring
|
yuuji@0
|
910 authorization identity strings (see Section 3.4.1). While some
|
yuuji@0
|
911 legacy mechanisms are incapable of transmitting an authorization
|
yuuji@0
|
912 identity (which means that for these mechanisms, the authorization
|
yuuji@0
|
913 identity is always the empty string), newly defined mechanisms
|
yuuji@0
|
914 SHOULD be capable of transferring authorization identity strings.
|
yuuji@0
|
915 The mechanism SHOULD NOT be capable of transferring both no
|
yuuji@0
|
916 authorization identity string and an empty authorization identity.
|
yuuji@0
|
917
|
yuuji@0
|
918 Mechanisms that are capable of transferring an authorization
|
yuuji@0
|
919 identity string MUST be capable of transferring arbitrary non-
|
yuuji@0
|
920 empty sequences of Unicode characters, excluding those that
|
yuuji@0
|
921 contain the NUL (U+0000) character. Mechanisms SHOULD use the
|
yuuji@0
|
922 UTF-8 [RFC3629] transformation format. The specification MUST
|
yuuji@0
|
923 detail how any Unicode code points special to the mechanism that
|
yuuji@0
|
924 might appear in the authorization identity string are escaped to
|
yuuji@0
|
925 avoid ambiguity during decoding of the authorization identity
|
yuuji@0
|
926 string. Typically, mechanisms that have special characters
|
yuuji@0
|
927 require these special characters to be escaped or encoded in the
|
yuuji@0
|
928 character string (after encoding it in a particular Unicode
|
yuuji@0
|
929 transformation format) using a data encoding scheme such as Base64
|
yuuji@0
|
930 [RFC3548].
|
yuuji@0
|
931
|
yuuji@0
|
932 4) The specification MUST detail whether the mechanism offers a
|
yuuji@0
|
933 security layer. If the mechanism does, the specification MUST
|
yuuji@0
|
934 detail the security and other services offered in the layer as
|
yuuji@0
|
935 well as how these services are to be implemented.
|
yuuji@0
|
936
|
yuuji@0
|
937 5) If the underlying cryptographic technology used by a mechanism
|
yuuji@0
|
938 supports data integrity, then the mechanism specification MUST
|
yuuji@0
|
939 integrity protect the transmission of an authorization identity
|
yuuji@0
|
940 and the negotiation of the security layer.
|
yuuji@0
|
941
|
yuuji@0
|
942 SASL mechanisms SHOULD be protocol neutral.
|
yuuji@0
|
943
|
yuuji@0
|
944 SASL mechanisms SHOULD reuse existing credential and identity forms,
|
yuuji@0
|
945 as well as associated syntaxes and semantics.
|
yuuji@0
|
946
|
yuuji@0
|
947 SASL mechanisms SHOULD use the UTF-8 transformation format [RFC3629]
|
yuuji@0
|
948 for encoding Unicode [Unicode] code points for transfer.
|
yuuji@0
|
949
|
yuuji@0
|
950
|
yuuji@0
|
951
|
yuuji@0
|
952
|
yuuji@0
|
953
|
yuuji@0
|
954 Melnikov & Zeilenga Standards Track [Page 17]
|
yuuji@0
|
955
|
yuuji@0
|
956 RFC 4422 SASL June 2006
|
yuuji@0
|
957
|
yuuji@0
|
958
|
yuuji@0
|
959 In order to avoid interoperability problems due to differing
|
yuuji@0
|
960 normalizations, when a mechanism calls for character data (other than
|
yuuji@0
|
961 the authorization identity string) to be used as input to a
|
yuuji@0
|
962 cryptographic and/or comparison function, the specification MUST
|
yuuji@0
|
963 detail precisely how and where (client or server) the character data
|
yuuji@0
|
964 is to be prepared, including all normalizations, for input into the
|
yuuji@0
|
965 function to ensure proper operation.
|
yuuji@0
|
966
|
yuuji@0
|
967 For simple user names and/or passwords in authentication credentials,
|
yuuji@0
|
968 SASLprep [RFC4013] (a profile of the StringPrep [RFC3454] preparation
|
yuuji@0
|
969 algorithm), SHOULD be specified as the preparation algorithm.
|
yuuji@0
|
970
|
yuuji@0
|
971 The mechanism SHOULD NOT use the authorization identity string in
|
yuuji@0
|
972 generation of any long-term cryptographic keys or hashes as there is
|
yuuji@0
|
973 no requirement that the authorization identity string be canonical.
|
yuuji@0
|
974 Long-term, here, means a term longer than the duration of the
|
yuuji@0
|
975 authentication exchange in which they were generated. That is, as
|
yuuji@0
|
976 different clients (of the same or different protocol) may provide
|
yuuji@0
|
977 different authorization identity strings that are semantically
|
yuuji@0
|
978 equivalent, use of authorization identity strings in generation of
|
yuuji@0
|
979 cryptographic keys and hashes will likely lead to interoperability
|
yuuji@0
|
980 and other problems.
|
yuuji@0
|
981
|
yuuji@0
|
982 6. Security Considerations
|
yuuji@0
|
983
|
yuuji@0
|
984 Security issues are discussed throughout this memo.
|
yuuji@0
|
985
|
yuuji@0
|
986 Many existing SASL mechanisms do not provide adequate protection
|
yuuji@0
|
987 against passive attacks, let alone active attacks, in the
|
yuuji@0
|
988 authentication exchange. Many existing SASL mechanisms do not offer
|
yuuji@0
|
989 security layers. It is hoped that future SASL mechanisms will
|
yuuji@0
|
990 provide strong protection against passive and active attacks in the
|
yuuji@0
|
991 authentication exchange, as well as security layers with strong basic
|
yuuji@0
|
992 data security features (e.g., data integrity and data
|
yuuji@0
|
993 confidentiality) services. It is also hoped that future mechanisms
|
yuuji@0
|
994 will provide more advanced data security services like re-keying (see
|
yuuji@0
|
995 Section 6.3).
|
yuuji@0
|
996
|
yuuji@0
|
997 Regardless, the SASL framework is susceptible to downgrade attacks.
|
yuuji@0
|
998 Section 6.1.2 offers a variety of approaches for preventing or
|
yuuji@0
|
999 detecting these attacks. In some cases, it is appropriate to use
|
yuuji@0
|
1000 data integrity protective services external to SASL (e.g., TLS) to
|
yuuji@0
|
1001 protect against downgrade attacks in SASL. Use of external
|
yuuji@0
|
1002 protective security services is also important when the mechanisms
|
yuuji@0
|
1003 available do not themselves offer adequate integrity and/or
|
yuuji@0
|
1004 confidentiality protection of the authentication exchange and/or
|
yuuji@0
|
1005 protocol data.
|
yuuji@0
|
1006
|
yuuji@0
|
1007
|
yuuji@0
|
1008
|
yuuji@0
|
1009
|
yuuji@0
|
1010 Melnikov & Zeilenga Standards Track [Page 18]
|
yuuji@0
|
1011
|
yuuji@0
|
1012 RFC 4422 SASL June 2006
|
yuuji@0
|
1013
|
yuuji@0
|
1014
|
yuuji@0
|
1015 6.1. Active Attacks
|
yuuji@0
|
1016
|
yuuji@0
|
1017 6.1.1. Hijack Attacks
|
yuuji@0
|
1018
|
yuuji@0
|
1019 When the client selects a SASL security layer with at least integrity
|
yuuji@0
|
1020 protection, this protection serves as a counter-measure against an
|
yuuji@0
|
1021 active attacker hijacking the connection and modifying protocol data
|
yuuji@0
|
1022 sent after establishment of the security layer. Implementations
|
yuuji@0
|
1023 SHOULD close the connection when the security services in a SASL
|
yuuji@0
|
1024 security layer report protocol data report lack of data integrity.
|
yuuji@0
|
1025
|
yuuji@0
|
1026 6.1.2. Downgrade Attacks
|
yuuji@0
|
1027
|
yuuji@0
|
1028 It is important that any security-sensitive protocol negotiations be
|
yuuji@0
|
1029 performed after installation of a security layer with data integrity
|
yuuji@0
|
1030 protection. Protocols should be designed such that negotiations
|
yuuji@0
|
1031 performed prior to this installation should be revalidated after
|
yuuji@0
|
1032 installation is complete. Negotiation of the SASL mechanism is
|
yuuji@0
|
1033 security sensitive.
|
yuuji@0
|
1034
|
yuuji@0
|
1035 When a client negotiates the authentication mechanism with the server
|
yuuji@0
|
1036 and/or other security features, it is possible for an active attacker
|
yuuji@0
|
1037 to cause a party to use the least secure security services available.
|
yuuji@0
|
1038 For instance, an attacker can modify the server-advertised mechanism
|
yuuji@0
|
1039 list or can modify the client-advertised security feature list within
|
yuuji@0
|
1040 a mechanism response. To protect against this sort of attack,
|
yuuji@0
|
1041 implementations SHOULD NOT advertise mechanisms and/or features that
|
yuuji@0
|
1042 cannot meet their minimum security requirements, SHOULD NOT enter
|
yuuji@0
|
1043 into or continue authentication exchanges that cannot meet their
|
yuuji@0
|
1044 minimum security requirements, and SHOULD verify that completed
|
yuuji@0
|
1045 authentication exchanges result in security services that meet their
|
yuuji@0
|
1046 minimum security requirements. Note that each endpoint needs to
|
yuuji@0
|
1047 independently verify that its security requirements are met.
|
yuuji@0
|
1048
|
yuuji@0
|
1049 In order to detect downgrade attacks to the least (or less) secure
|
yuuji@0
|
1050 mechanism supported, the client can discover the SASL mechanisms that
|
yuuji@0
|
1051 the server makes available both before the SASL authentication
|
yuuji@0
|
1052 exchange and after the negotiated SASL security layer (with at least
|
yuuji@0
|
1053 data integrity protection) has been installed through the protocol's
|
yuuji@0
|
1054 mechanism discovery facility. If the client finds that the
|
yuuji@0
|
1055 integrity-protected list (the list obtained after the security layer
|
yuuji@0
|
1056 was installed) contains a stronger mechanism than those in the
|
yuuji@0
|
1057 previously obtained list, the client should assume that the
|
yuuji@0
|
1058 previously obtained list was modified by an attacker and SHOULD close
|
yuuji@0
|
1059 the underlying transport connection.
|
yuuji@0
|
1060
|
yuuji@0
|
1061 The client's initiation of the SASL exchange, including the selection
|
yuuji@0
|
1062 of a SASL mechanism, is done in the clear and may be modified by an
|
yuuji@0
|
1063
|
yuuji@0
|
1064
|
yuuji@0
|
1065
|
yuuji@0
|
1066 Melnikov & Zeilenga Standards Track [Page 19]
|
yuuji@0
|
1067
|
yuuji@0
|
1068 RFC 4422 SASL June 2006
|
yuuji@0
|
1069
|
yuuji@0
|
1070
|
yuuji@0
|
1071 active attacker. It is important for any new SASL mechanisms to be
|
yuuji@0
|
1072 designed such that an active attacker cannot obtain an authentication
|
yuuji@0
|
1073 with weaker security properties by modifying the SASL mechanism name
|
yuuji@0
|
1074 and/or the challenges and responses.
|
yuuji@0
|
1075
|
yuuji@0
|
1076 Multi-level negotiation of security features is prone to downgrade
|
yuuji@0
|
1077 attack. Protocol designers should avoid offering higher-level
|
yuuji@0
|
1078 negotiation of security features in protocols (e.g., above SASL
|
yuuji@0
|
1079 mechanism negotiation) and mechanism designers should avoid lower-
|
yuuji@0
|
1080 level negotiation of security features in mechanisms (e.g., below
|
yuuji@0
|
1081 SASL mechanism negotiation).
|
yuuji@0
|
1082
|
yuuji@0
|
1083 6.1.3. Replay Attacks
|
yuuji@0
|
1084
|
yuuji@0
|
1085 Some mechanisms may be subject to replay attacks unless protected by
|
yuuji@0
|
1086 external data security services (e.g., TLS).
|
yuuji@0
|
1087
|
yuuji@0
|
1088 6.1.4. Truncation Attacks
|
yuuji@0
|
1089
|
yuuji@0
|
1090 Most existing SASL security layers do not themselves offer protection
|
yuuji@0
|
1091 against truncation attack. In a truncation attack, the active
|
yuuji@0
|
1092 attacker causes the protocol session to be closed, causing a
|
yuuji@0
|
1093 truncation of the possibly integrity-protected data stream that leads
|
yuuji@0
|
1094 to behavior of one or both the protocol peers that inappropriately
|
yuuji@0
|
1095 benefits the attacker. Truncation attacks are fairly easy to defend
|
yuuji@0
|
1096 against in connection-oriented application-level protocols. A
|
yuuji@0
|
1097 protocol can defend against these attacks by ensuring that each
|
yuuji@0
|
1098 information exchange has a clear final result and that each protocol
|
yuuji@0
|
1099 session has a graceful closure mechanism, and that these are
|
yuuji@0
|
1100 integrity protected.
|
yuuji@0
|
1101
|
yuuji@0
|
1102 6.1.5. Other Active Attacks
|
yuuji@0
|
1103
|
yuuji@0
|
1104 When use of a security layer is negotiated by the authentication
|
yuuji@0
|
1105 protocol exchange, the receiver SHOULD handle gracefully any
|
yuuji@0
|
1106 protected data buffer larger than the defined/negotiated maximal
|
yuuji@0
|
1107 size. In particular, it MUST NOT blindly allocate the amount of
|
yuuji@0
|
1108 memory specified in the buffer size field, as this might cause the
|
yuuji@0
|
1109 "out of memory" condition. If the receiver detects a large block, it
|
yuuji@0
|
1110 SHOULD close the connection.
|
yuuji@0
|
1111
|
yuuji@0
|
1112 6.2. Passive Attacks
|
yuuji@0
|
1113
|
yuuji@0
|
1114 Many mechanisms are subject to various passive attacks, including
|
yuuji@0
|
1115 simple eavesdropping of unprotected credential information as well as
|
yuuji@0
|
1116 online and offline dictionary attacks of protected credential
|
yuuji@0
|
1117 information.
|
yuuji@0
|
1118
|
yuuji@0
|
1119
|
yuuji@0
|
1120
|
yuuji@0
|
1121
|
yuuji@0
|
1122 Melnikov & Zeilenga Standards Track [Page 20]
|
yuuji@0
|
1123
|
yuuji@0
|
1124 RFC 4422 SASL June 2006
|
yuuji@0
|
1125
|
yuuji@0
|
1126
|
yuuji@0
|
1127 6.3. Re-keying
|
yuuji@0
|
1128
|
yuuji@0
|
1129 The secure or administratively permitted lifetimes of SASL
|
yuuji@0
|
1130 mechanisms' security layers are finite. Cryptographic keys weaken as
|
yuuji@0
|
1131 they are used and as time passes; the more time and/or cipher-text
|
yuuji@0
|
1132 that a cryptanalyst has after the first use of the a key, the easier
|
yuuji@0
|
1133 it is for the cryptanalyst to mount attacks on the key.
|
yuuji@0
|
1134
|
yuuji@0
|
1135 Administrative limits on a security layer's lifetime may take the
|
yuuji@0
|
1136 form of time limits expressed in X.509 certificates, in Kerberos V
|
yuuji@0
|
1137 tickets, or in directories, and are often desired. In practice, one
|
yuuji@0
|
1138 likely effect of administrative lifetime limits is that applications
|
yuuji@0
|
1139 may find that security layers stop working in the middle of
|
yuuji@0
|
1140 application protocol operation, such as, perhaps, during large data
|
yuuji@0
|
1141 transfers. As the result of this, the connection will be closed (see
|
yuuji@0
|
1142 Section 3.7), which will result in an unpleasant user experience.
|
yuuji@0
|
1143
|
yuuji@0
|
1144 Re-keying (key renegotiation process) is a way of addressing the
|
yuuji@0
|
1145 weakening of cryptographic keys. The SASL framework does not itself
|
yuuji@0
|
1146 provide for re-keying; SASL mechanisms may. Designers of future SASL
|
yuuji@0
|
1147 mechanisms should consider providing re-keying services.
|
yuuji@0
|
1148
|
yuuji@0
|
1149 Implementations that wish to re-key SASL security layers where the
|
yuuji@0
|
1150 mechanism does not provide for re-keying SHOULD reauthenticate the
|
yuuji@0
|
1151 same IDs and replace the expired or soon-to-expire security layers.
|
yuuji@0
|
1152 This approach requires support for reauthentication in the
|
yuuji@0
|
1153 application protocols (see Section 3.8).
|
yuuji@0
|
1154
|
yuuji@0
|
1155 6.4. Other Considerations
|
yuuji@0
|
1156
|
yuuji@0
|
1157 Protocol designers and implementors should understand the security
|
yuuji@0
|
1158 considerations of mechanisms so they may select mechanisms that are
|
yuuji@0
|
1159 applicable to their needs.
|
yuuji@0
|
1160
|
yuuji@0
|
1161 Distributed server implementations need to be careful in how they
|
yuuji@0
|
1162 trust other parties. In particular, authentication secrets should
|
yuuji@0
|
1163 only be disclosed to other parties that are trusted to manage and use
|
yuuji@0
|
1164 those secrets in a manner acceptable to the disclosing party.
|
yuuji@0
|
1165 Applications using SASL assume that SASL security layers providing
|
yuuji@0
|
1166 data confidentiality are secure even when an attacker chooses the
|
yuuji@0
|
1167 text to be protected by the security layer. Similarly, applications
|
yuuji@0
|
1168 assume that the SASL security layer is secure even if the attacker
|
yuuji@0
|
1169 can manipulate the cipher-text output of the security layer. New
|
yuuji@0
|
1170 SASL mechanisms are expected to meet these assumptions.
|
yuuji@0
|
1171
|
yuuji@0
|
1172
|
yuuji@0
|
1173
|
yuuji@0
|
1174
|
yuuji@0
|
1175
|
yuuji@0
|
1176
|
yuuji@0
|
1177
|
yuuji@0
|
1178 Melnikov & Zeilenga Standards Track [Page 21]
|
yuuji@0
|
1179
|
yuuji@0
|
1180 RFC 4422 SASL June 2006
|
yuuji@0
|
1181
|
yuuji@0
|
1182
|
yuuji@0
|
1183 Unicode security considerations [UTR36] apply to authorization
|
yuuji@0
|
1184 identity strings, as well as UTF-8 [RFC3629] security considerations
|
yuuji@0
|
1185 where UTF-8 is used. SASLprep [RFC4013] and StringPrep [RFC3454]
|
yuuji@0
|
1186 security considerations also apply where used.
|
yuuji@0
|
1187
|
yuuji@0
|
1188 7. IANA Considerations
|
yuuji@0
|
1189
|
yuuji@0
|
1190 7.1. SASL Mechanism Registry
|
yuuji@0
|
1191
|
yuuji@0
|
1192 The SASL mechanism registry is maintained by IANA. The registry is
|
yuuji@0
|
1193 currently available at <http://www.iana.org/assignments/sasl-
|
yuuji@0
|
1194 mechanisms>.
|
yuuji@0
|
1195
|
yuuji@0
|
1196 The purpose of this registry is not only to ensure uniqueness of
|
yuuji@0
|
1197 values used to name SASL mechanisms, but also to provide a definitive
|
yuuji@0
|
1198 reference to technical specifications detailing each SASL mechanism
|
yuuji@0
|
1199 available for use on the Internet.
|
yuuji@0
|
1200
|
yuuji@0
|
1201 There is no naming convention for SASL mechanisms; any name that
|
yuuji@0
|
1202 conforms to the syntax of a SASL mechanism name can be registered.
|
yuuji@0
|
1203
|
yuuji@0
|
1204 The procedure detailed in Section 7.1.1 is to be used for
|
yuuji@0
|
1205 registration of a value naming a specific individual mechanism.
|
yuuji@0
|
1206
|
yuuji@0
|
1207 The procedure detailed in Section 7.1.2 is to be used for
|
yuuji@0
|
1208 registration of a value naming a family of related mechanisms.
|
yuuji@0
|
1209
|
yuuji@0
|
1210 Comments may be included in the registry as discussed in Section
|
yuuji@0
|
1211 7.1.3 and may be changed as discussed in Section 7.1.4.
|
yuuji@0
|
1212
|
yuuji@0
|
1213 The SASL mechanism registry has been updated to reflect that this
|
yuuji@0
|
1214 document provides the definitive technical specification for SASL and
|
yuuji@0
|
1215 that this section provides the registration procedures for this
|
yuuji@0
|
1216 registry.
|
yuuji@0
|
1217
|
yuuji@0
|
1218
|
yuuji@0
|
1219
|
yuuji@0
|
1220
|
yuuji@0
|
1221
|
yuuji@0
|
1222
|
yuuji@0
|
1223
|
yuuji@0
|
1224
|
yuuji@0
|
1225
|
yuuji@0
|
1226
|
yuuji@0
|
1227
|
yuuji@0
|
1228
|
yuuji@0
|
1229
|
yuuji@0
|
1230
|
yuuji@0
|
1231
|
yuuji@0
|
1232
|
yuuji@0
|
1233
|
yuuji@0
|
1234 Melnikov & Zeilenga Standards Track [Page 22]
|
yuuji@0
|
1235
|
yuuji@0
|
1236 RFC 4422 SASL June 2006
|
yuuji@0
|
1237
|
yuuji@0
|
1238
|
yuuji@0
|
1239 7.1.1. Mechanism Name Registration Procedure
|
yuuji@0
|
1240
|
yuuji@0
|
1241 IANA will register new SASL mechanism names on a First Come First
|
yuuji@0
|
1242 Served basis, as defined in BCP 26 [RFC2434]. IANA has the right to
|
yuuji@0
|
1243 reject obviously bogus registration requests, but will perform no
|
yuuji@0
|
1244 review of claims made in the registration form.
|
yuuji@0
|
1245
|
yuuji@0
|
1246 Registration of a SASL mechanism is requested by filling in the
|
yuuji@0
|
1247 following template:
|
yuuji@0
|
1248
|
yuuji@0
|
1249 Subject: Registration of SASL mechanism X
|
yuuji@0
|
1250
|
yuuji@0
|
1251 SASL mechanism name (or prefix for the family):
|
yuuji@0
|
1252
|
yuuji@0
|
1253 Security considerations:
|
yuuji@0
|
1254
|
yuuji@0
|
1255 Published specification (recommended):
|
yuuji@0
|
1256
|
yuuji@0
|
1257 Person & email address to contact for further information:
|
yuuji@0
|
1258
|
yuuji@0
|
1259 Intended usage: (One of COMMON, LIMITED USE, or OBSOLETE)
|
yuuji@0
|
1260
|
yuuji@0
|
1261 Owner/Change controller:
|
yuuji@0
|
1262
|
yuuji@0
|
1263 Note: (Any other information that the author deems relevant may be
|
yuuji@0
|
1264 added here.)
|
yuuji@0
|
1265
|
yuuji@0
|
1266 and sending it via electronic mail to IANA at <iana@iana.org>.
|
yuuji@0
|
1267
|
yuuji@0
|
1268 While this registration procedure does not require expert review,
|
yuuji@0
|
1269 authors of SASL mechanisms are encouraged to seek community review
|
yuuji@0
|
1270 and comment whenever that is feasible. Authors may seek community
|
yuuji@0
|
1271 review by posting a specification of their proposed mechanism as an
|
yuuji@0
|
1272 Internet-Draft. SASL mechanisms intended for widespread use should
|
yuuji@0
|
1273 be standardized through the normal IETF process, when appropriate.
|
yuuji@0
|
1274
|
yuuji@0
|
1275
|
yuuji@0
|
1276
|
yuuji@0
|
1277
|
yuuji@0
|
1278
|
yuuji@0
|
1279
|
yuuji@0
|
1280
|
yuuji@0
|
1281
|
yuuji@0
|
1282
|
yuuji@0
|
1283
|
yuuji@0
|
1284
|
yuuji@0
|
1285
|
yuuji@0
|
1286
|
yuuji@0
|
1287
|
yuuji@0
|
1288
|
yuuji@0
|
1289
|
yuuji@0
|
1290 Melnikov & Zeilenga Standards Track [Page 23]
|
yuuji@0
|
1291
|
yuuji@0
|
1292 RFC 4422 SASL June 2006
|
yuuji@0
|
1293
|
yuuji@0
|
1294
|
yuuji@0
|
1295 7.1.2. Family Name Registration Procedure
|
yuuji@0
|
1296
|
yuuji@0
|
1297 As noted above, there is no general naming convention for SASL
|
yuuji@0
|
1298 mechanisms. However, specifications may reserve a portion of the
|
yuuji@0
|
1299 SASL mechanism namespace for a set of related SASL mechanisms, a
|
yuuji@0
|
1300 "family" of SASL mechanisms. Each family of SASL mechanisms is
|
yuuji@0
|
1301 identified by a unique prefix, such as X-. Registration of new SASL
|
yuuji@0
|
1302 mechanism family names requires expert review as defined in BCP 26
|
yuuji@0
|
1303 [RFC2434].
|
yuuji@0
|
1304
|
yuuji@0
|
1305 Registration of a SASL family name is requested by filling in the
|
yuuji@0
|
1306 following template:
|
yuuji@0
|
1307
|
yuuji@0
|
1308 Subject: Registration of SASL mechanism family X
|
yuuji@0
|
1309
|
yuuji@0
|
1310 SASL family name (or prefix for the family):
|
yuuji@0
|
1311
|
yuuji@0
|
1312 Security considerations:
|
yuuji@0
|
1313
|
yuuji@0
|
1314 Published specification (recommended):
|
yuuji@0
|
1315
|
yuuji@0
|
1316 Person & email address to contact for further information:
|
yuuji@0
|
1317
|
yuuji@0
|
1318 Intended usage: (One of COMMON, LIMITED USE, or OBSOLETE)
|
yuuji@0
|
1319
|
yuuji@0
|
1320 Owner/Change controller:
|
yuuji@0
|
1321
|
yuuji@0
|
1322 Note: (Any other information that the author deems relevant may be
|
yuuji@0
|
1323 added here.)
|
yuuji@0
|
1324
|
yuuji@0
|
1325 and sending it via electronic mail to the IETF SASL mailing list at
|
yuuji@0
|
1326 <ietf-sasl@imc.org> and carbon copying IANA at <iana@iana.org>.
|
yuuji@0
|
1327 After allowing two weeks for community input on the IETF SASL mailing
|
yuuji@0
|
1328 list, the expert will determine the appropriateness of the
|
yuuji@0
|
1329 registration request and either approve or disapprove the request
|
yuuji@0
|
1330 with notice to the requestor, the mailing list, and IANA.
|
yuuji@0
|
1331
|
yuuji@0
|
1332 The review should focus on the appropriateness of the requested
|
yuuji@0
|
1333 family name for the proposed use and the appropriateness of the
|
yuuji@0
|
1334 proposed naming and registration plan for existing and future
|
yuuji@0
|
1335 mechanism names in the family. The scope of this request review may
|
yuuji@0
|
1336 entail consideration of relevant aspects of any provided technical
|
yuuji@0
|
1337 specification, such as their IANA Considerations section. However,
|
yuuji@0
|
1338 this review is narrowly focused on the appropriateness of the
|
yuuji@0
|
1339 requested registration and not on the overall soundness of any
|
yuuji@0
|
1340 provided technical specification.
|
yuuji@0
|
1341
|
yuuji@0
|
1342
|
yuuji@0
|
1343
|
yuuji@0
|
1344
|
yuuji@0
|
1345
|
yuuji@0
|
1346 Melnikov & Zeilenga Standards Track [Page 24]
|
yuuji@0
|
1347
|
yuuji@0
|
1348 RFC 4422 SASL June 2006
|
yuuji@0
|
1349
|
yuuji@0
|
1350
|
yuuji@0
|
1351 Authors are encouraged to pursue community review by posting the
|
yuuji@0
|
1352 technical specification as an Internet-Draft and soliciting comment
|
yuuji@0
|
1353 by posting to appropriate IETF mailing lists.
|
yuuji@0
|
1354
|
yuuji@0
|
1355 7.1.3. Comments on SASL Mechanism Registrations
|
yuuji@0
|
1356
|
yuuji@0
|
1357 Comments on a registered SASL mechanism/family should first be sent
|
yuuji@0
|
1358 to the "owner" of the mechanism/family and/or to the <ietf-
|
yuuji@0
|
1359 sasl@imc.org> mailing list.
|
yuuji@0
|
1360
|
yuuji@0
|
1361 Submitters of comments may, after a reasonable attempt to contact the
|
yuuji@0
|
1362 owner, request IANA to attach their comment to the SASL mechanism
|
yuuji@0
|
1363 registration itself by sending mail to <iana@iana.org>. At IANA's
|
yuuji@0
|
1364 sole discretion, IANA may attach the comment to the SASL mechanism's
|
yuuji@0
|
1365 registration.
|
yuuji@0
|
1366
|
yuuji@0
|
1367 7.1.4. Change Control
|
yuuji@0
|
1368
|
yuuji@0
|
1369 Once a SASL mechanism registration has been published by IANA, the
|
yuuji@0
|
1370 author may request a change to its definition. The change request
|
yuuji@0
|
1371 follows the same procedure as the registration request.
|
yuuji@0
|
1372
|
yuuji@0
|
1373 The owner of a SASL mechanism may pass responsibility for the SASL
|
yuuji@0
|
1374 mechanism to another person or agency by informing IANA; this can be
|
yuuji@0
|
1375 done without discussion or review.
|
yuuji@0
|
1376
|
yuuji@0
|
1377 The IESG may reassign responsibility for a SASL mechanism. The most
|
yuuji@0
|
1378 common case of this will be to enable changes to be made to
|
yuuji@0
|
1379 mechanisms where the author of the registration has died, has moved
|
yuuji@0
|
1380 out of contact, or is otherwise unable to make changes that are
|
yuuji@0
|
1381 important to the community.
|
yuuji@0
|
1382
|
yuuji@0
|
1383 SASL mechanism registrations may not be deleted; mechanisms that are
|
yuuji@0
|
1384 no longer believed appropriate for use can be declared OBSOLETE by a
|
yuuji@0
|
1385 change to their "intended usage" field; such SASL mechanisms will be
|
yuuji@0
|
1386 clearly marked in the lists published by IANA.
|
yuuji@0
|
1387
|
yuuji@0
|
1388 The IESG is considered to be the owner of all SASL mechanisms that
|
yuuji@0
|
1389 are on the IETF standards track.
|
yuuji@0
|
1390
|
yuuji@0
|
1391
|
yuuji@0
|
1392
|
yuuji@0
|
1393
|
yuuji@0
|
1394
|
yuuji@0
|
1395
|
yuuji@0
|
1396
|
yuuji@0
|
1397
|
yuuji@0
|
1398
|
yuuji@0
|
1399
|
yuuji@0
|
1400
|
yuuji@0
|
1401
|
yuuji@0
|
1402 Melnikov & Zeilenga Standards Track [Page 25]
|
yuuji@0
|
1403
|
yuuji@0
|
1404 RFC 4422 SASL June 2006
|
yuuji@0
|
1405
|
yuuji@0
|
1406
|
yuuji@0
|
1407 7.2. Registration Changes
|
yuuji@0
|
1408
|
yuuji@0
|
1409 The IANA has updated the SASL mechanisms registry as follows:
|
yuuji@0
|
1410
|
yuuji@0
|
1411 1) Changed the "Intended usage" of the KERBEROS_V4 and SKEY mechanism
|
yuuji@0
|
1412 registrations to OBSOLETE.
|
yuuji@0
|
1413
|
yuuji@0
|
1414 2) Changed the "Published specification" of the EXTERNAL mechanism to
|
yuuji@0
|
1415 this document as indicated below:
|
yuuji@0
|
1416
|
yuuji@0
|
1417 Subject: Updated Registration of SASL mechanism EXTERNAL
|
yuuji@0
|
1418 Family of SASL mechanisms: NO
|
yuuji@0
|
1419 SASL mechanism name: EXTERNAL
|
yuuji@0
|
1420 Security considerations: See A.3 of RFC 4422
|
yuuji@0
|
1421 Published specification (optional, recommended): RFC 4422
|
yuuji@0
|
1422 Person & email address to contact for further information:
|
yuuji@0
|
1423 Alexey Melnikov <Alexey.Melnikov@isode.com>
|
yuuji@0
|
1424 Intended usage: COMMON
|
yuuji@0
|
1425 Owner/Change controller: IESG <iesg@ietf.org>
|
yuuji@0
|
1426 Note: Updates existing entry for EXTERNAL
|
yuuji@0
|
1427
|
yuuji@0
|
1428 8. References
|
yuuji@0
|
1429
|
yuuji@0
|
1430 8.1. Normative References
|
yuuji@0
|
1431
|
yuuji@0
|
1432 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
|
yuuji@0
|
1433 Requirement Levels", BCP 14, RFC 2119, March 1997.
|
yuuji@0
|
1434
|
yuuji@0
|
1435 [RFC2244] Newman, C. and J. G. Myers, "ACAP -- Application
|
yuuji@0
|
1436 Configuration Access Protocol", RFC 2244, November
|
yuuji@0
|
1437 1997.
|
yuuji@0
|
1438
|
yuuji@0
|
1439 [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing
|
yuuji@0
|
1440 an IANA Considerations Section in RFCs", BCP 26, RFC
|
yuuji@0
|
1441 2434, October 1998.
|
yuuji@0
|
1442
|
yuuji@0
|
1443 [RFC2743] Linn, J., "Generic Security Service Application Program
|
yuuji@0
|
1444 Interface Version 2, Update 1", RFC 2743, January 2000.
|
yuuji@0
|
1445
|
yuuji@0
|
1446 [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of
|
yuuji@0
|
1447 Internationalized Strings ("stringprep")", RFC 3454,
|
yuuji@0
|
1448 December 2002.
|
yuuji@0
|
1449
|
yuuji@0
|
1450 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
|
yuuji@0
|
1451 10646", STD 63, RFC 3629, November 2003.
|
yuuji@0
|
1452
|
yuuji@0
|
1453 [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User
|
yuuji@0
|
1454 Names and Passwords", RFC 4013, February 2005.
|
yuuji@0
|
1455
|
yuuji@0
|
1456
|
yuuji@0
|
1457
|
yuuji@0
|
1458 Melnikov & Zeilenga Standards Track [Page 26]
|
yuuji@0
|
1459
|
yuuji@0
|
1460 RFC 4422 SASL June 2006
|
yuuji@0
|
1461
|
yuuji@0
|
1462
|
yuuji@0
|
1463 [RFC4234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
|
yuuji@0
|
1464 Specifications: ABNF", RFC 4234, October 2005.
|
yuuji@0
|
1465
|
yuuji@0
|
1466 [ASCII] Coded Character Set--7-bit American Standard Code for
|
yuuji@0
|
1467 Information Interchange, ANSI X3.4-1986.
|
yuuji@0
|
1468
|
yuuji@0
|
1469 [Unicode] The Unicode Consortium, "The Unicode Standard, Version
|
yuuji@0
|
1470 3.2.0" is defined by "The Unicode Standard, Version
|
yuuji@0
|
1471 3.0" (Reading, MA, Addison-Wesley, 2000. ISBN 0-201-
|
yuuji@0
|
1472 61633-5), as amended by the "Unicode Standard Annex
|
yuuji@0
|
1473 #27: Unicode 3.1"
|
yuuji@0
|
1474 (http://www.unicode.org/reports/tr27/) and by the
|
yuuji@0
|
1475 "Unicode Standard Annex #28: Unicode 3.2"
|
yuuji@0
|
1476 (http://www.unicode.org/reports/tr28/).
|
yuuji@0
|
1477
|
yuuji@0
|
1478 [CharModel] Whistler, K. and M. Davis, "Unicode Technical Report
|
yuuji@0
|
1479 #17, Character Encoding Model", UTR17,
|
yuuji@0
|
1480 <http://www.unicode.org/unicode/reports/tr17/>, August
|
yuuji@0
|
1481 2000.
|
yuuji@0
|
1482
|
yuuji@0
|
1483 [Glossary] The Unicode Consortium, "Unicode Glossary",
|
yuuji@0
|
1484 <http://www.unicode.org/glossary/>.
|
yuuji@0
|
1485
|
yuuji@0
|
1486 8.2. Informative References
|
yuuji@0
|
1487
|
yuuji@0
|
1488 [RFC3206] Gellens, R., "The SYS and AUTH POP Response Codes", RFC
|
yuuji@0
|
1489 3206, February 2002.
|
yuuji@0
|
1490
|
yuuji@0
|
1491 [RFC3548] Josefsson, S., "The Base16, Base32, and Base64 Data
|
yuuji@0
|
1492 Encodings", RFC 3548, July 2003.
|
yuuji@0
|
1493
|
yuuji@0
|
1494 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
|
yuuji@0
|
1495 Internet Protocol", RFC 4301, December 2005.
|
yuuji@0
|
1496
|
yuuji@0
|
1497 [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer
|
yuuji@0
|
1498 Security (TLS) Protocol Version 1.1", RFC 4346, April
|
yuuji@0
|
1499 2006.
|
yuuji@0
|
1500
|
yuuji@0
|
1501 [SASL-GSSAPI] Melnikov, A. (Editor), "The Kerberos V5 ("GSSAPI") SASL
|
yuuji@0
|
1502 Mechanism", Work in Progress, May 2006.
|
yuuji@0
|
1503
|
yuuji@0
|
1504 [UTR36] Davis, M., "(Draft) Unicode Technical Report #36,
|
yuuji@0
|
1505 Character Encoding Model", UTR17,
|
yuuji@0
|
1506 <http://www.unicode.org/unicode/reports/tr36/>,
|
yuuji@0
|
1507 February 2005.
|
yuuji@0
|
1508
|
yuuji@0
|
1509 [CRAM-MD5] Nerenberg, L., "The CRAM-MD5 SASL Mechanism", Work in
|
yuuji@0
|
1510 Progress.
|
yuuji@0
|
1511
|
yuuji@0
|
1512
|
yuuji@0
|
1513
|
yuuji@0
|
1514 Melnikov & Zeilenga Standards Track [Page 27]
|
yuuji@0
|
1515
|
yuuji@0
|
1516 RFC 4422 SASL June 2006
|
yuuji@0
|
1517
|
yuuji@0
|
1518
|
yuuji@0
|
1519 [DIGEST-MD5] Leach, P., C. Newman, and A. Melnikov, "Using Digest
|
yuuji@0
|
1520 Authentication as a SASL Mechanism", Work in Progress,
|
yuuji@0
|
1521 March 2006.
|
yuuji@0
|
1522
|
yuuji@0
|
1523 9. Acknowledgements
|
yuuji@0
|
1524
|
yuuji@0
|
1525 This document is a revision of RFC 2222 written by John Myers.
|
yuuji@0
|
1526
|
yuuji@0
|
1527 This revision is a product of the IETF Simple Authentication and
|
yuuji@0
|
1528 Security Layer (SASL) Working Group.
|
yuuji@0
|
1529
|
yuuji@0
|
1530 The following individuals contributed significantly to this revision:
|
yuuji@0
|
1531 Abhijit Menon-Sen, Hallvard Furuseth, Jeffrey Hutzelman, John Myers,
|
yuuji@0
|
1532 Luke Howard, Magnus Nystrom, Nicolas Williams, Peter Saint-Andre, RL
|
yuuji@0
|
1533 'Bob' Morgan, Rob Siemborski, Sam Hartman, Simon Josefsson, Tim
|
yuuji@0
|
1534 Alsop, and Tony Hansen.
|
yuuji@0
|
1535
|
yuuji@0
|
1536
|
yuuji@0
|
1537
|
yuuji@0
|
1538
|
yuuji@0
|
1539
|
yuuji@0
|
1540
|
yuuji@0
|
1541
|
yuuji@0
|
1542
|
yuuji@0
|
1543
|
yuuji@0
|
1544
|
yuuji@0
|
1545
|
yuuji@0
|
1546
|
yuuji@0
|
1547
|
yuuji@0
|
1548
|
yuuji@0
|
1549
|
yuuji@0
|
1550
|
yuuji@0
|
1551
|
yuuji@0
|
1552
|
yuuji@0
|
1553
|
yuuji@0
|
1554
|
yuuji@0
|
1555
|
yuuji@0
|
1556
|
yuuji@0
|
1557
|
yuuji@0
|
1558
|
yuuji@0
|
1559
|
yuuji@0
|
1560
|
yuuji@0
|
1561
|
yuuji@0
|
1562
|
yuuji@0
|
1563
|
yuuji@0
|
1564
|
yuuji@0
|
1565
|
yuuji@0
|
1566
|
yuuji@0
|
1567
|
yuuji@0
|
1568
|
yuuji@0
|
1569
|
yuuji@0
|
1570 Melnikov & Zeilenga Standards Track [Page 28]
|
yuuji@0
|
1571
|
yuuji@0
|
1572 RFC 4422 SASL June 2006
|
yuuji@0
|
1573
|
yuuji@0
|
1574
|
yuuji@0
|
1575 Appendix A. The SASL EXTERNAL Mechanism
|
yuuji@0
|
1576
|
yuuji@0
|
1577 This appendix is normative.
|
yuuji@0
|
1578
|
yuuji@0
|
1579 The EXTERNAL mechanism allows a client to request the server to use
|
yuuji@0
|
1580 credentials established by means external to the mechanism to
|
yuuji@0
|
1581 authenticate the client. The external means may be, for instance, IP
|
yuuji@0
|
1582 Security [RFC4301] or TLS [RFC4346] services. In absence of some a
|
yuuji@0
|
1583 priori agreement between the client and the server, the client cannot
|
yuuji@0
|
1584 make any assumption as to what external means the server has used to
|
yuuji@0
|
1585 obtain the client's credentials, nor make an assumption as to the
|
yuuji@0
|
1586 form of credentials. For example, the client cannot assume that the
|
yuuji@0
|
1587 server will use the credentials the client has established via TLS.
|
yuuji@0
|
1588
|
yuuji@0
|
1589 A.1. EXTERNAL Technical Specification
|
yuuji@0
|
1590
|
yuuji@0
|
1591 The name of this mechanism is "EXTERNAL".
|
yuuji@0
|
1592
|
yuuji@0
|
1593 The mechanism does not provide a security layer.
|
yuuji@0
|
1594
|
yuuji@0
|
1595 The mechanism is capable of transferring an authorization identity
|
yuuji@0
|
1596 string. If empty, the client is requesting to act as the identity
|
yuuji@0
|
1597 the server has associated with the client's credentials. If non-
|
yuuji@0
|
1598 empty, the client is requesting to act as the identity represented by
|
yuuji@0
|
1599 the string.
|
yuuji@0
|
1600
|
yuuji@0
|
1601 The client is expected to send data first in the authentication
|
yuuji@0
|
1602 exchange. Where the client does not provide an initial response data
|
yuuji@0
|
1603 in its request to initiate the authentication exchange, the server is
|
yuuji@0
|
1604 to respond to the request with an empty initial challenge and then
|
yuuji@0
|
1605 the client is to provide its initial response.
|
yuuji@0
|
1606
|
yuuji@0
|
1607 The client sends the initial response containing the UTF-8 [RFC3629]
|
yuuji@0
|
1608 encoding of the requested authorization identity string. This
|
yuuji@0
|
1609 response is non-empty when the client is requesting to act as the
|
yuuji@0
|
1610 identity represented by the (non-empty) string. This response is
|
yuuji@0
|
1611 empty when the client is requesting to act as the identity the server
|
yuuji@0
|
1612 associated with its authentication credentials.
|
yuuji@0
|
1613
|
yuuji@0
|
1614 The syntax of the initial response is specified as a value of the
|
yuuji@0
|
1615 <extern-initial-resp> production detailed below using the Augmented
|
yuuji@0
|
1616 Backus-Naur Form (ABNF) [RFC4234] notation.
|
yuuji@0
|
1617
|
yuuji@0
|
1618 external-initial-resp = authz-id-string
|
yuuji@0
|
1619 authz-id-string = *( UTF8-char-no-nul )
|
yuuji@0
|
1620 UTF8-char-no-nul = UTF8-1-no-nul / UTF8-2 / UTF8-3 / UTF8-4
|
yuuji@0
|
1621 UTF8-1-no-nul = %x01-7F
|
yuuji@0
|
1622
|
yuuji@0
|
1623
|
yuuji@0
|
1624
|
yuuji@0
|
1625
|
yuuji@0
|
1626 Melnikov & Zeilenga Standards Track [Page 29]
|
yuuji@0
|
1627
|
yuuji@0
|
1628 RFC 4422 SASL June 2006
|
yuuji@0
|
1629
|
yuuji@0
|
1630
|
yuuji@0
|
1631 where the <UTF8-2>, <UTF8-3>, and <UTF8-4> productions are as defined
|
yuuji@0
|
1632 in [RFC3629].
|
yuuji@0
|
1633
|
yuuji@0
|
1634 There are no additional challenges and responses.
|
yuuji@0
|
1635
|
yuuji@0
|
1636 Hence, the server is to return the outcome of the authentication
|
yuuji@0
|
1637 exchange.
|
yuuji@0
|
1638
|
yuuji@0
|
1639 The exchange fails if
|
yuuji@0
|
1640
|
yuuji@0
|
1641 - the client has not established its credentials via external means,
|
yuuji@0
|
1642
|
yuuji@0
|
1643 - the client's credentials are inadequate,
|
yuuji@0
|
1644
|
yuuji@0
|
1645 - the client provided an empty authorization identity string and the
|
yuuji@0
|
1646 server is unwilling or unable to associate an authorization
|
yuuji@0
|
1647 identity with the client's credentials,
|
yuuji@0
|
1648
|
yuuji@0
|
1649 - the client provided a non-empty authorization identity string that
|
yuuji@0
|
1650 is invalid per the syntax requirements of the applicable
|
yuuji@0
|
1651 application protocol specification,
|
yuuji@0
|
1652
|
yuuji@0
|
1653 - the client provided a non-empty authorization identity string
|
yuuji@0
|
1654 representing an identity that the client is not allowed to act as,
|
yuuji@0
|
1655 or
|
yuuji@0
|
1656
|
yuuji@0
|
1657 - the server is unwilling or unable to provide service to the client
|
yuuji@0
|
1658 for any other reason.
|
yuuji@0
|
1659
|
yuuji@0
|
1660 Otherwise the exchange is successful. When indicating a successful
|
yuuji@0
|
1661 outcome, additional data is not provided.
|
yuuji@0
|
1662
|
yuuji@0
|
1663 A.2. SASL EXTERNAL Examples
|
yuuji@0
|
1664
|
yuuji@0
|
1665 This section provides examples of EXTERNAL authentication exchanges.
|
yuuji@0
|
1666 The examples are intended to help the readers understand the above
|
yuuji@0
|
1667 text. The examples are not definitive. The Application
|
yuuji@0
|
1668 Configuration Access Protocol (ACAP) [RFC2244] is used in the
|
yuuji@0
|
1669 examples.
|
yuuji@0
|
1670
|
yuuji@0
|
1671 The first example shows use of EXTERNAL with an empty authorization
|
yuuji@0
|
1672 identity. In this example, the initial response is not sent in the
|
yuuji@0
|
1673 client's request to initiate the authentication exchange.
|
yuuji@0
|
1674
|
yuuji@0
|
1675 S: * ACAP (SASL "DIGEST-MD5")
|
yuuji@0
|
1676 C: a001 STARTTLS
|
yuuji@0
|
1677 S: a001 OK "Begin TLS negotiation now"
|
yuuji@0
|
1678 <TLS negotiation, further commands are under TLS layer>
|
yuuji@0
|
1679
|
yuuji@0
|
1680
|
yuuji@0
|
1681
|
yuuji@0
|
1682 Melnikov & Zeilenga Standards Track [Page 30]
|
yuuji@0
|
1683
|
yuuji@0
|
1684 RFC 4422 SASL June 2006
|
yuuji@0
|
1685
|
yuuji@0
|
1686
|
yuuji@0
|
1687 S: * ACAP (SASL "DIGEST-MD5" "EXTERNAL")
|
yuuji@0
|
1688 C: a002 AUTHENTICATE "EXTERNAL"
|
yuuji@0
|
1689 S: + ""
|
yuuji@0
|
1690 C: + ""
|
yuuji@0
|
1691 S: a002 OK "Authenticated"
|
yuuji@0
|
1692
|
yuuji@0
|
1693 The second example shows use of EXTERNAL with an authorization
|
yuuji@0
|
1694 identity of "fred@example.com". In this example, the initial
|
yuuji@0
|
1695 response is sent with the client's request to initiate the
|
yuuji@0
|
1696 authentication exchange. This saves a round-trip.
|
yuuji@0
|
1697
|
yuuji@0
|
1698 S: * ACAP (SASL "DIGEST-MD5")
|
yuuji@0
|
1699 C: a001 STARTTLS
|
yuuji@0
|
1700 S: a001 OK "Begin TLS negotiation now"
|
yuuji@0
|
1701 <TLS negotiation, further commands are under TLS layer>
|
yuuji@0
|
1702 S: * ACAP (SASL "DIGEST-MD5" "EXTERNAL")
|
yuuji@0
|
1703 C: a002 AUTHENTICATE "EXTERNAL" {16+}
|
yuuji@0
|
1704 C: fred@example.com
|
yuuji@0
|
1705 S: a002 NO "Cannot assume requested authorization identity"
|
yuuji@0
|
1706
|
yuuji@0
|
1707 A.3. Security Considerations
|
yuuji@0
|
1708
|
yuuji@0
|
1709 The EXTERNAL mechanism provides no security protection; it is
|
yuuji@0
|
1710 vulnerable to spoofing by either client or server, active attack, and
|
yuuji@0
|
1711 eavesdropping. It should only be used when adequate security
|
yuuji@0
|
1712 services have been established.
|
yuuji@0
|
1713
|
yuuji@0
|
1714 Appendix B. Changes since RFC 2222
|
yuuji@0
|
1715
|
yuuji@0
|
1716 This appendix is non-normative.
|
yuuji@0
|
1717
|
yuuji@0
|
1718 The material in RFC 2222 was significantly rewritten in the
|
yuuji@0
|
1719 production of this document.
|
yuuji@0
|
1720
|
yuuji@0
|
1721 RFC 2222, by not stating that the authorization identity string was a
|
yuuji@0
|
1722 string of Unicode characters, let alone character data, implied that
|
yuuji@0
|
1723 the authorization identity string was a string of octets.
|
yuuji@0
|
1724
|
yuuji@0
|
1725 - The authorization identity string is now defined as a string of
|
yuuji@0
|
1726 Unicode characters. The NUL (U+0000) character is prohibited.
|
yuuji@0
|
1727 While protocol specifications are responsible for defining the
|
yuuji@0
|
1728 authorization identity form, as well as the Unicode string syntax
|
yuuji@0
|
1729 and related semantics, mechanism specifications are responsible
|
yuuji@0
|
1730 for defining how the Unicode string is carried in the
|
yuuji@0
|
1731 authentication exchange.
|
yuuji@0
|
1732
|
yuuji@0
|
1733 - Deleted "If so, when the client does not send data first, the
|
yuuji@0
|
1734 initial challenge MUST be specified as being an empty challenge."
|
yuuji@0
|
1735
|
yuuji@0
|
1736
|
yuuji@0
|
1737
|
yuuji@0
|
1738 Melnikov & Zeilenga Standards Track [Page 31]
|
yuuji@0
|
1739
|
yuuji@0
|
1740 RFC 4422 SASL June 2006
|
yuuji@0
|
1741
|
yuuji@0
|
1742
|
yuuji@0
|
1743 The following technical change was made to the EXTERNAL mechanism:
|
yuuji@0
|
1744
|
yuuji@0
|
1745 - The authorization identity string is to be UTF-8 encoded.
|
yuuji@0
|
1746
|
yuuji@0
|
1747 Note that protocol and mechanism specification requirements have
|
yuuji@0
|
1748 been significantly tightened. Existing protocol and mechanism
|
yuuji@0
|
1749 specifications will need to be updated to meet these requirements.
|
yuuji@0
|
1750
|
yuuji@0
|
1751 Editors' Addresses
|
yuuji@0
|
1752
|
yuuji@0
|
1753 Alexey Melnikov
|
yuuji@0
|
1754 Isode Limited
|
yuuji@0
|
1755 5 Castle Business Village
|
yuuji@0
|
1756 36 Station Road
|
yuuji@0
|
1757 Hampton, Middlesex,
|
yuuji@0
|
1758 TW12 2BX, United Kingdom
|
yuuji@0
|
1759
|
yuuji@0
|
1760 EMail: Alexey.Melnikov@isode.com
|
yuuji@0
|
1761 URI: http://www.melnikov.ca/
|
yuuji@0
|
1762
|
yuuji@0
|
1763
|
yuuji@0
|
1764 Kurt D. Zeilenga
|
yuuji@0
|
1765 OpenLDAP Foundation
|
yuuji@0
|
1766
|
yuuji@0
|
1767 EMail: Kurt@OpenLDAP.org
|
yuuji@0
|
1768
|
yuuji@0
|
1769
|
yuuji@0
|
1770
|
yuuji@0
|
1771
|
yuuji@0
|
1772
|
yuuji@0
|
1773
|
yuuji@0
|
1774
|
yuuji@0
|
1775
|
yuuji@0
|
1776
|
yuuji@0
|
1777
|
yuuji@0
|
1778
|
yuuji@0
|
1779
|
yuuji@0
|
1780
|
yuuji@0
|
1781
|
yuuji@0
|
1782
|
yuuji@0
|
1783
|
yuuji@0
|
1784
|
yuuji@0
|
1785
|
yuuji@0
|
1786
|
yuuji@0
|
1787
|
yuuji@0
|
1788
|
yuuji@0
|
1789
|
yuuji@0
|
1790
|
yuuji@0
|
1791
|
yuuji@0
|
1792
|
yuuji@0
|
1793
|
yuuji@0
|
1794 Melnikov & Zeilenga Standards Track [Page 32]
|
yuuji@0
|
1795
|
yuuji@0
|
1796 RFC 4422 SASL June 2006
|
yuuji@0
|
1797
|
yuuji@0
|
1798
|
yuuji@0
|
1799 Full Copyright Statement
|
yuuji@0
|
1800
|
yuuji@0
|
1801 Copyright (C) The Internet Society (2006).
|
yuuji@0
|
1802
|
yuuji@0
|
1803 This document is subject to the rights, licenses and restrictions
|
yuuji@0
|
1804 contained in BCP 78, and except as set forth therein, the authors
|
yuuji@0
|
1805 retain all their rights.
|
yuuji@0
|
1806
|
yuuji@0
|
1807 This document and the information contained herein are provided on an
|
yuuji@0
|
1808 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
|
yuuji@0
|
1809 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
|
yuuji@0
|
1810 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
|
yuuji@0
|
1811 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
|
yuuji@0
|
1812 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
|
yuuji@0
|
1813 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
yuuji@0
|
1814
|
yuuji@0
|
1815 Intellectual Property
|
yuuji@0
|
1816
|
yuuji@0
|
1817 The IETF takes no position regarding the validity or scope of any
|
yuuji@0
|
1818 Intellectual Property Rights or other rights that might be claimed to
|
yuuji@0
|
1819 pertain to the implementation or use of the technology described in
|
yuuji@0
|
1820 this document or the extent to which any license under such rights
|
yuuji@0
|
1821 might or might not be available; nor does it represent that it has
|
yuuji@0
|
1822 made any independent effort to identify any such rights. Information
|
yuuji@0
|
1823 on the procedures with respect to rights in RFC documents can be
|
yuuji@0
|
1824 found in BCP 78 and BCP 79.
|
yuuji@0
|
1825
|
yuuji@0
|
1826 Copies of IPR disclosures made to the IETF Secretariat and any
|
yuuji@0
|
1827 assurances of licenses to be made available, or the result of an
|
yuuji@0
|
1828 attempt made to obtain a general license or permission for the use of
|
yuuji@0
|
1829 such proprietary rights by implementers or users of this
|
yuuji@0
|
1830 specification can be obtained from the IETF on-line IPR repository at
|
yuuji@0
|
1831 http://www.ietf.org/ipr.
|
yuuji@0
|
1832
|
yuuji@0
|
1833 The IETF invites any interested party to bring to its attention any
|
yuuji@0
|
1834 copyrights, patents or patent applications, or other proprietary
|
yuuji@0
|
1835 rights that may cover technology that may be required to implement
|
yuuji@0
|
1836 this standard. Please address the information to the IETF at
|
yuuji@0
|
1837 ietf-ipr@ietf.org.
|
yuuji@0
|
1838
|
yuuji@0
|
1839 Acknowledgement
|
yuuji@0
|
1840
|
yuuji@0
|
1841 Funding for the RFC Editor function is provided by the IETF
|
yuuji@0
|
1842 Administrative Support Activity (IASA).
|
yuuji@0
|
1843
|
yuuji@0
|
1844
|
yuuji@0
|
1845
|
yuuji@0
|
1846
|
yuuji@0
|
1847
|
yuuji@0
|
1848
|
yuuji@0
|
1849
|
yuuji@0
|
1850 Melnikov & Zeilenga Standards Track [Page 33]
|
yuuji@0
|
1851
|