Internet Assigned Numbers Authority Simple Authentication and Security Layer (SASL) Mechanisms Last Updated 2022-03-16 Note The Simple Authentication and Security Layer (SASL) [RFC4422] is a method for adding authentication support to connection-based protocols. To use this specification, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating a security layer for subsequent protocol interactions. The command has a required argument identifying a SASL mechanism. SASL mechanisms are named by strings, from 1 to 20 characters in length, consisting of upper-case letters, digits, hyphens, and/or underscores. SASL mechanism names must be registered with the IANA. Procedures for registering new SASL mechanisms are described in [RFC4422]. SASL mechanism names starting with "GS2-" are reserved for SASL mechanisms which conform to [RFC5801]. Registration procedures for SASL mechanism names starting with "SCRAM-" are defined in [RFC7677]. Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below * SASL Mechanisms * SASL SCRAM Family Mechanisms SASL Mechanisms Registration Procedure(s) First Come First Served for mechanisms. Expert Review with mailing list for family name registrations. For names beginning with "GS2-", see RFC 5801. For names beginning with "SCRAM-", see RFC7677. Expert(s) Simon Josefsson Reference [RFC4422] Note SASL mechanisms are named by character strings from 1 to 20 characters in length, consisting of ASCII uppercase letters, digits, hyphens, and/or underscores. Available Formats [IMG] CSV Mechanism Usage Reference Owner 9798-M-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato] 9798-M-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato] 9798-M-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato] 9798-U-DSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato] 9798-U-ECDSA-SHA1 COMMON [RFC3163] [Robert_Zuccherato] 9798-U-RSA-SHA1-ENC COMMON [RFC3163] [Robert_Zuccherato] ANONYMOUS COMMON [RFC4505] [IESG] CRAM-MD5 LIMITED [RFC2195] [IESG] DIGEST-MD5 OBSOLETE [RFC6331] [IESG] EAP-AES128 COMMON [RFC7055] [IESG] EAP-AES128-PLUS COMMON [RFC7055] [IESG] ECDH-X25519-CHALLENGE[1] LIMITED [https://github.com/atheme/atheme/blob/master/modules/saslserv/ecdh-x25519-challenge.c] [Simon_Ser] USE ECDSA-NIST256P-CHALLENGE[1] LIMITED [https://github.com/kaniini/ecdsatool#mechanism-spec] [Simon_Ser] USE EXTERNAL COMMON [RFC4422] [IESG] GS2-* COMMON [RFC5801] [IESG] GS2-KRB5 COMMON [RFC5801] [IESG] GS2-KRB5-PLUS COMMON [RFC5801] [IESG] GSS-SPNEGO LIMITED [Paul_Leach] [Paul_Leach] GSSAPI COMMON [RFC4752] [IESG] KERBEROS_V4 OBSOLETE [RFC2222] [IESG] KERBEROS_V5 COMMON [Simon_Josefsson] [Simon_Josefsson] LOGIN OBSOLETE [draft-murchison-sasl-login] [Kenneth_Murchison][Mark_R._Crispin] NMAS_AUTHEN LIMITED [Mark_G._Gayman] [Mark_G._Gayman] NMAS_LOGIN LIMITED [Mark_G._Gayman] [Mark_G._Gayman] NMAS-SAMBA-AUTH LIMITED [Vince_Brimhall] [Vince_Brimhall] NTLM LIMITED [Paul_Leach] [Paul_Leach] OAUTH10A COMMON [RFC7628] [IESG] OAUTHBEARER COMMON [RFC7628] [IESG] OPENID20 COMMON [RFC6616] [IESG] OTP COMMON [RFC2444] [IESG] PLAIN COMMON [RFC4616] [IESG] SAML20 COMMON [RFC6595] [IESG] SCRAM-* COMMON [RFC7677] [IESG] SECURID COMMON [RFC2808] [Magnus_Nystrom] SKEY OBSOLETE [RFC2444] [IESG] SPNEGO MUST NOT [RFC5801] [IESG] be used SPNEGO-PLUS MUST NOT [RFC5801] [IESG] be used SXOVER-PLUS COMMON [draft-vanrein-diameter-sasl-06] [Rick_van_Rein] XOAUTH OBSOLETE [N/A] [IESG] XOAUTH2 OBSOLETE [N/A] [IESG] SASL SCRAM Family Mechanisms Registration Procedure(s) IETF Review with mailing list Reference [RFC7677] Available Formats [IMG] CSV Mechanism Usage Reference Minimum iteration-count Associated OID Owner SCRAM-SHA-1 COMMON [RFC5802][RFC7677] 4096 1.3.6.1.5.5.14 [IESG] SCRAM-SHA-1-PLUS COMMON [RFC5802][RFC7677] 4096 1.3.6.1.5.5.14 [IESG] SCRAM-SHA-256 COMMON [RFC7677] 4096 1.3.6.1.5.5.18 [IESG] SCRAM-SHA-256-PLUS COMMON [RFC7677] 4096 1.3.6.1.5.5.18 [IESG] Contact Information ID Name Contact URI Last Updated [IESG] IESG mailto:iesg&ietf.org [Kenneth_Murchison] Kenneth Murchison mailto:ken&oceana.com 2014-11-10 [Magnus_Nystrom] Magnus Nystrom mailto:magnus&rsasecurity.com [Mark_G._Gayman] Mark G. Gayman mailto:mgayman&novell.com 2000-09 [Mark_R._Crispin] Mark R. Crispin mailto:MRC&CAC.Washington.EDU 2014-11-10 [Paul_Leach] Paul Leach mailto:paulleµsoft.com 2000-06 [Rick_van_Rein] Rick van Rein mailto:rick&openfortress.nl 2022-03-16 [Robert_Zuccherato] Robert Zuccherato mailto:robert.zuccherato&entrust.com [Simon_Josefsson] Simon Josefsson mailto:simon&josefsson.org 2004-01 [Simon_Ser] Simon Ser mailto:contact&emersion.fr 2021-07-21 [Vince_Brimhall] Vince Brimhall mailto:vbrimhall&novell.com 2004-04 Footnote [1] Note that this name does not conform to the length restriction in [RFC4422]. Licensing Terms