2.6.13 Simple Authentication and Security Layer (sasl)

NOTE: This charter is a snapshot of the 61st IETF Meeting in Washington, DC USA. It may now be out-of-date.

Last Modified: 2004-09-22

Chair(s):

Sam Hartman <hartmans@mit.edu>
Kurt Zeilenga <kurt@openLDAP.org>

Security Area Director(s):

Russell Housley <housley@vigilsec.com>
Steven Bellovin <smb@research.att.com>

Security Area Advisor:

Russell Housley <housley@vigilsec.com>

Mailing Lists:

General Discussion: ietf-sasl@imc.org
To Subscribe: ietf-sasl-request@imc.org
In Body: subscribe
Archive: http://www.imc.org/ietf-sasl/mail-archive/

Description of Working Group:

The Simple Authentication and Security Layer [RFC2222] provides key
security services to a number of application protocols including BEEP,
IMAP, LDAP, POP, and SMTP. The purpose of this working group is to
shepherd SASL, including select SASL mechanisms, through the Internet
Standards process.

This group will deliver a revised SASL Technical Specification
suitable for consideration as a Draft Standard. This work will be
based upon RFC 2222 and draft-myers-saslrev.

This group will deliver revised Technical Specifications suitable for
consideration as Draft Standards for the following SASL mechanisms:
ANONYMOUS, PLAIN, CRAM-MD5, DIGEST-MD5, and EXTERNAL. This work will
be based upon RFC 2195, RFC 2222, RFC 2831, draft-zeilenga-sasl-anon,
draft-zeilenga-sasl-plain, draft-nerenberg-sasl-crammd5,
draft-melnikov-rfc2831bis, and draft-myers-saslrev-xx.txt.

This group will deliver a revised Technical Specification suitable for
publication as Proposed Standard for the GSSAPI family of SASL
mechanisms. This work will be based upon RFC 2222 and
draft-ietf-cat-sasl-gssapi.

The following areas are not within the scope of work of this WG:

- new features,

- SASL Mechanisms not specifically mentioned above, and

- SASL "profiles".

However, the SASL WG is an acceptable forum for review of SASL-related
submissions produced by others as long as such review does not impede
progress on the WG objectives listed above.

Goals and Milestones:

Done  Submit revised SASL (+ EXTERNAL) I-D
Done  Submit revised SASL ANONYMOUS I-D
Done  Submit revised SASL PLAIN I-D
Done  Submit revised SASL CRAM-MD5 I-D
Done  Submit revised SASL DIGEST-MD5 I-D
Done  Submit revised SASL GSSAPI I-D
Jan 04  Submit SASL (+ EXTERNAL), SASLprep, ANONYMOUS, PLAIN to IESG for consideration as Proposed Standards
Feb 04  Submit CRAM-MD5 to IESG for consideration as a Proposed Standard
Mar 04  Submit DIGEST-MD5 to IESG for consideration as a Proposed Standard
May 04  Submit GSSAPI to IESG for consideration as a Proposed Standard
Jun 04  Provide implementation report plan (with milestones)
Aug 04  Revise charter or conclude

Internet-Drafts:

  • draft-ietf-sasl-anon-04.txt
  • draft-ietf-sasl-plain-05.txt
  • draft-ietf-sasl-rfc2831bis-04.txt
  • draft-ietf-sasl-saslprep-10.txt
  • draft-ietf-sasl-rfc2222bis-09.txt
  • draft-ietf-sasl-crammd5-04.txt
  • draft-ietf-sasl-gssapi-01.txt

    No Request For Comments

    Current Meeting Report

    Simple Authentication and Security Layer (SASL) WG
    ==================================================
    Chair(s): Kurt Zeilenga <Kurt@OpenLDAP.org>
    Sam Hartman <hartmans@mit.edu>


    Tuesday, 9 November 2004 1545-1645

    Minutes compiled by Kurt Zeilenga from notes taken by Philip Guenther, Jeff Altman, others on Jabber. Minutes are not necessarily presented in chronological order.

    The Chair opened the meeting shortly after 1545. Philip Guenther agreed to take meeting notes. Jeff Altman agreed to be our Jabber scribe.

    It was noted that Sam Hartman would be stepping down as co-chair after the session as he accepted an appointment to the IESG.

    draft-ietf-sasl-rfc2222bis (SASL base spec) was discussed.
    As Alexey (our Editor) was only able to participate via Jabber, the Chair, using the summary Alexey posted to the list, briefly went through the issues.
    - Identity terminology: this is the most significant outstanding issue. The "requested identity" proposal discussed at WG LC turned out to be problematic, especially in regard to its impact on mechanism specifications and existing implementation conventions. While it appears the subsequently suggested approach to discussing "identity concepts" may resolve some of the terminology issues, further work is needed. The chairs stated that the Editor needed additional direction here. The chairs are to work with the Editor, giving the Editor as much free hand as possible, to come up with suitable text. But what's really needed is more WG review and comment.
    - Rekeying: consensus seems to be consistent with the chairs' WGLC summary discussing this issue, but the text may need minor modification to reflect that consensus.
    - It was noted that the document may need work in other areas.
    - The chairs asked who in the room had reviewed the document "front-to-back"; few had. The chairs noted that additional WG review was needed and called for WG members to review this document.

    draft-ietf-sasl-rfc2831bis (DIGEST-MD5) was discussed. As Alexey (our Editor) was only able to participate via Jabber, the Chair provided a brief summary of the issues.
    - Alexey has a few minor edits to make.
    - Sam noted he would send crypto comments (CBC-fix) to the list.
    - The chairs polled the room as to who has reviewed this I-D; few had. The chairs noted that additional WG review was needed and called for WG members to review this document.

    draft-ietf-sasl-gssapi-01.txt (GSSAPI mechanisms) was discussed. The chairs polled the room as to who has reviewed this I-D; few had. The chairs noted that the document would not go to WGLC until it received appropriate review. Nico noted that the apparent consensus was that "GSSAPI" (aka krb5) will not do rekeying, but that a new doc would describe the GSS family of mechanisms, rolling in support for rekeying and reduced round-trips. That is, draft-ietf-sasl-gssapi would detail the "GSSAPI" mechanism as implemented today. The chairs noted that this new document would not be taken on until the current drafts have moved forward.

    draft-ietf-sasl-crammd5 (CRAM-MD5)
    The chairs polled the room as to who has reviewed this I-D; few had. The chairs, after determining that few in the room had read the draft, said they would twist arms to get the necessary review. As the Editor was unavailable, the I-D was not discussed further.

    Milestones
    The chairs led a brief discussion of milestones. The Chair noted that another WGLC would likely be needed before progressing draft-ietf-sasl-rfc2222bis, and before end of year. Alexey noted that he needs clear suggestions.

    The chairs also noted that we will not commit resources to new docs until existing ones are reviewed.

    Other comments:

    A question was raised about the status of the LOGIN mechanism. The chairs noted that engineering of this mechanism was not on the charter and the mechanism was generally considered obsolete in favor of the PLAIN mechanism. However, the chairs did note that individuals were free to pursue a LOGIN I-D and discuss it on the WG list.

    There was a brief exchange regarding generic GSS mech family vs new non-GSS mechanisms. The discussion was deferred.

    Russ and the WG acknowledged Sam's service to the WG as co-chair. The WG looks forward to working with Sam as our Security Area Director. Russ also noted that those interested in serving as SASL co-chair are encouraged to contact him and/or Sam.

    The session concluded at 1630.

    Slides

    None received.