{"draft":"draft-ietf-sasl-scram-11","doc_id":"RFC5802","title":"Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms","authors":["C. Newman","A. Menon-Sen","A. Melnikov","N. Williams"],"format":["ASCII","HTML"],"page_count":"28","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Simple Authentication and Security Layer","abstract":"The secure authentication mechanism most widely deployed and used by\r\nInternet application protocols is the transmission of clear-text\r\npasswords over a channel protected by Transport Layer Security (TLS).\r\nThere are some significant security concerns with that mechanism,\r\nwhich could be addressed by the use of a challenge response\r\nauthentication mechanism protected by TLS.  Unfortunately, the\r\nchallenge response mechanisms presently on the standards track all\r\nfail to meet requirements necessary for widespread deployment, and\r\nhave had success only in limited use.\r\n\r\nThis specification describes a family of Simple Authentication and\r\nSecurity Layer (SASL; RFC 4422) authentication mechanisms called the\r\nSalted Challenge Response Authentication Mechanism (SCRAM), which\r\naddresses the security concerns and meets the deployability\r\nrequirements.  When used in combination with TLS or an equivalent\r\nsecurity layer, a mechanism from this family could improve the status\r\nquo for application protocol authentication and provide a suitable\r\nchoice for a mandatory-to-implement mechanism for future application\r\nprotocol standards.  [STANDARDS-TRACK]","pub_date":"July 2010","keywords":["[--------]","simple authentication and security layer"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":["RFC7677","RFC9266"],"see_also":[],"doi":"10.17487\/RFC5802","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc5802"}