As required by RFC 4858, this is the current template for the Document
Alexey Melnikov is the document shepherd. Stephen Farrell is the responsible Area Director.
This document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS.
It also updates the SCRAM mechanism registration procedures of RFC 5802, by updating
the mailing list reference and adding a few more requirements.
2. Review and Consensus
While this is an individual submission, the document had adequate number of reviews on
the Kitten mailing list. It was also mentioned/discussed in the HTTPAUTH WG.
The document is pretty straigtforward, but one issue resulted in a longer discussion:
tls-unique channel binding is now known to be broken unless use of
draft-ietf-tls-session-hash-06 TLS extension is negotiated. While ideally the base
SCRAM document should have been updated to mention this, it is useful to mention
this issue in this draft.
The document was reviewed by GenArt and SecDir. No major issues were found.
One question was asked about whether it is Ok for an Informational document to
update a Standards Track document. The document was changed to Standards Track
as the result of this question.
A couple of implementations of this document are planned.
3. Intellectual Property
Author confirmed that he knows of no IPR related to this document.
4. Other Points
IANA initially had some questions, but all issues were clarified in the latest version.
IDnits reports that there are 2 instances of lines with non-RFC2606-compliant FQDNs
in the document, but the document shepherd thinks that these are false positives.