Using Generic Security Service Application Program Interface Mechanisms in Simple Authentication and Security Layer : The GS2 Mechanism Family
RFC 5801, “Using Generic Security Service Application Program Interface Mechanisms in Simple Authentication and Security Layer : The GS2 Mechanism Family”, is a Proposed Standard document published in July 2010 by S. Josefsson, N. Williams. It has since been updated by RFC 9266. The canonical text is published by the RFC Editor.
Abstract
This document describes how to use a Generic Security Service Application Program Interface (GSS-API) mechanism in the Simple Authentication and Security Layer (SASL) framework. This is done by defining a new SASL mechanism family, called GS2. This mechanism family offers a number of improvements over the previous "SASL/ GSSAPI" mechanism: it is more general, uses fewer messages for the authentication phase in some cases, and supports negotiable use of channel binding. Only GSS-API mechanisms that support channel binding and mutual authentication are supported. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5801 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 5802 Salted Challenge Response Authentication Mechanism SASL and GSS-API Mechanisms
- RFC 5803 Lightweight Directory Access Protocol Schema for Storing Salted Challenge Response Authentication Mechanism Secrets
- RFC 5798 Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6
- RFC 5804 A Protocol for Remotely Managing Sieve Scripts
- RFC 5797 FTP Command and Extension Registry
- RFC 5805 Lightweight Directory Access Protocol Transactions
- RFC 5796 Authentication and Confidentiality in Protocol Independent Multicast Sparse Mode Link-Local Messages
- RFC 5806 Diversion Indication in SIP