diff --git a/docs/release-notes.html b/docs/release-notes.html
index e243a9ba0..dd0bc4e9c 100644
--- a/docs/release-notes.html
+++ b/docs/release-notes.html
@@ -88,8 +88,9 @@
Version 6.0.10
- Updated the documentation to include the latest version of
- draft-ietf-kitten-scram-2fa in the set of LDAP-related specifications.
+ Updated the documentation to include the latest versions of
+ draft-ietf-kitten-scram-2fa, draft-melnikov-scram-bis, and
+ draft-melnikov-scram-sha3-512 in the set of LDAP-related specifications.
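Review bot: the new release-note text names draft-ietf-kitten-scram-2fa as one of the updated specifications, but no hunk in this patch renames or edits a draft-ietf-kitten-scram-2fa-*.txt file or its entry in docs/specs/internet-drafts.html; the only spec files touched are draft-melnikov-scram-bis (02 to 03) and draft-melnikov-scram-sha3-512 (02 to 03). Either the scram-2fa-03 copy and its index entry belong in this change set, or the release note should list only the two drafts that actually change here. It would also help readers to say what changed in the sha3-512 draft beyond the date bump, since one of its edits is normative (the TLS 1.3 channel-binding default now cites RFC 9266).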
diff --git a/docs/specs/draft-melnikov-scram-bis-02.txt b/docs/specs/draft-melnikov-scram-bis-03.txt
similarity index 88%
rename from docs/specs/draft-melnikov-scram-bis-02.txt
rename to docs/specs/draft-melnikov-scram-bis-03.txt
index 34a838a87..0e0506fee 100644
--- a/docs/specs/draft-melnikov-scram-bis-02.txt
+++ b/docs/specs/draft-melnikov-scram-bis-03.txt
@@ -4,14 +4,14 @@
Network Working Group A. Melnikov, Ed.
Internet-Draft Isode Ltd
-Updates: 5802, 7677 (if approved) 13 January 2023
+Updates: 5802, 7677 (if approved) 24 August 2023
Intended status: Standards Track
-Expires: 17 July 2023
+Expires: 25 February 2024
Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-
API Mechanisms
- draft-melnikov-scram-bis-02
+ draft-melnikov-scram-bis-03
Abstract
@@ -35,7 +35,7 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
- This Internet-Draft will expire on 17 July 2023.
+ This Internet-Draft will expire on 25 February 2024.
Copyright Notice
@@ -53,9 +53,9 @@ Copyright Notice
-Melnikov Expires 17 July 2023 [Page 1]
+Melnikov Expires 25 February 2024 [Page 1]
-Internet-Draft SASL SCRAM January 2023
+Internet-Draft SASL SCRAM August 2023
Table of Contents
@@ -109,9 +109,9 @@ Table of Contents
-Melnikov Expires 17 July 2023 [Page 2]
+Melnikov Expires 25 February 2024 [Page 2]
-Internet-Draft SASL SCRAM January 2023
+Internet-Draft SASL SCRAM August 2023
3. Implementation Recommendations
@@ -132,7 +132,8 @@ Internet-Draft SASL SCRAM January 2023
SHA3-512 [I-D.melnikov-scram-sha3-512] instead of SCRAM-SHA-1-PLUS/
SCRAM-SHA-1 [RFC5802].
- [RFC5803] describes how SCRAM hashes can be stored in LDAP. It is
+ [RFC5803] describes how SCRAM hashes can be stored in LDAP. The LDAP
+ format has a field for the hash algorithm name used, so it is
compatible with all versions of SCRAM described in this document,
including SCRAM-SHA-256, SCRAM-SHA-512 and SCRAM-SHA3-512.
@@ -161,15 +162,15 @@ Internet-Draft SASL SCRAM January 2023
gives around 15,000 iterations required; however, a hash iteration-
count of 10000 takes around 0.5 seconds on current mobile handsets.
This computational cost can be avoided by caching the ClientKey
- (assuming the Salt and hash iteration-count is stable). Therefore,
-Melnikov Expires 17 July 2023 [Page 3]
+Melnikov Expires 25 February 2024 [Page 3]
-Internet-Draft SASL SCRAM January 2023
+Internet-Draft SASL SCRAM August 2023
+ (assuming the Salt and hash iteration-count is stable). Therefore,
the recommendation of this specification is that the hash iteration-
count SHOULD be at least 10000, but careful consideration ought to be
given to using a significantly higher value, particularly where
@@ -213,17 +214,16 @@ Internet-Draft SASL SCRAM January 2023
DOI 10.17487/RFC5803, July 2010,
.
- [RFC6234] Eastlake 3rd, D., Hansen, T., and RFC Publisher, "US
- Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)",
- RFC 6234, DOI 10.17487/RFC6234, May 2011,
+ [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
+ (SHA and SHA-based HMAC and HKDF)", RFC 6234,
+ DOI 10.17487/RFC6234, May 2011,
.
-
-Melnikov Expires 17 July 2023 [Page 4]
+Melnikov Expires 25 February 2024 [Page 4]
-Internet-Draft SASL SCRAM January 2023
+Internet-Draft SASL SCRAM August 2023
[RFC7627] Bhargavan, K., Ed., Delignat-Lavaud, A., Pironti, A.,
@@ -252,24 +252,24 @@ Internet-Draft SASL SCRAM January 2023
[I-D.kitten-scram-2fa]
Melnikov, A., "Extensions to Salted Challenge Response
(SCRAM) for 2 factor authentication", Work in Progress,
- Internet-Draft, draft-ietf-kitten-scram-2fa-02, 13 January
+ Internet-Draft, draft-ietf-kitten-scram-2fa-03, 24 August
2023, .
+ scram-2fa-03.txt>.
[I-D.melnikov-scram-sha-512]
Melnikov, A., "SCRAM-SHA-512 and SCRAM-SHA-512-PLUS Simple
Authentication and Security Layer (SASL) Mechanisms", Work
in Progress, Internet-Draft, draft-melnikov-scram-sha-
- 512-02, 19 October 2021, .
+ 512-03, 10 March 2022, .
[I-D.melnikov-scram-sha3-512]
Melnikov, A., "SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS
Simple Authentication and Security Layer (SASL)
Mechanisms", Work in Progress, Internet-Draft, draft-
- melnikov-scram-sha3-512-02, 19 October 2021,
+ melnikov-scram-sha3-512-03, 24 August 2023,
.
+ scram-sha3-512-03.txt>.
6.2. Informative References
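Review bot: the normative-reference entry for draft-melnikov-scram-sha-512 is bumped from -02 (19 October 2021) to -03 (10 March 2022), but this patch does not carry a corresponding docs/specs/draft-melnikov-scram-sha-512-03.txt rename or an internet-drafts.html update for it, so the vendored copy of that draft will be one revision behind the text that cites it. Either include the -03 copy of that draft in the same change, or note in the release notes that only scram-bis and scram-sha3-512 were refreshed. The scram-2fa and sha3-512 URL lines (`scram-2fa-03.txt>.` and `scram-sha3-512-03.txt>.`) are continuation lines of references whose opening `<https://...` part sits on the preceding unchanged line, which is the normal wrapped layout of the upstream text, so no action is needed there.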
@@ -277,9 +277,9 @@ Internet-Draft SASL SCRAM January 2023
-Melnikov Expires 17 July 2023 [Page 5]
+Melnikov Expires 25 February 2024 [Page 5]
-Internet-Draft SASL SCRAM January 2023
+Internet-Draft SASL SCRAM August 2023
[RFC4270] Hoffman, P. and B. Schneier, "Attacks on Cryptographic
@@ -333,4 +333,4 @@ Author's Address
-Melnikov Expires 17 July 2023 [Page 6]
+Melnikov Expires 25 February 2024 [Page 6]
diff --git a/docs/specs/draft-melnikov-scram-sha3-512-02.txt b/docs/specs/draft-melnikov-scram-sha3-512-03.txt
similarity index 84%
rename from docs/specs/draft-melnikov-scram-sha3-512-02.txt
rename to docs/specs/draft-melnikov-scram-sha3-512-03.txt
index 2c26c7d13..ffa08a8c5 100644
--- a/docs/specs/draft-melnikov-scram-sha3-512-02.txt
+++ b/docs/specs/draft-melnikov-scram-sha3-512-03.txt
@@ -4,13 +4,13 @@
Network Working Group A. Melnikov, Ed.
Internet-Draft Isode Ltd
-Intended status: Standards Track 19 October 2021
-Expires: 22 April 2022
+Intended status: Standards Track 24 August 2023
+Expires: 25 February 2024
SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS Simple Authentication and
Security Layer (SASL) Mechanisms
- draft-melnikov-scram-sha3-512-02
+ draft-melnikov-scram-sha3-512-03
Abstract
@@ -32,11 +32,11 @@ Status of This Memo
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
- This Internet-Draft will expire on 22 April 2022.
+ This Internet-Draft will expire on 25 February 2024.
Copyright Notice
- Copyright (c) 2021 IETF Trust and the persons identified as the
+ Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
@@ -44,18 +44,18 @@ Copyright Notice
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
- extracted from this document must include Simplified BSD License text
- as described in Section 4.e of the Trust Legal Provisions and are
- provided without warranty as described in the Simplified BSD License.
+ extracted from this document must include Revised BSD License text as
+ described in Section 4.e of the Trust Legal Provisions and are
+ provided without warranty as described in the Revised BSD License.
-Melnikov Expires 22 April 2022 [Page 1]
+Melnikov Expires 25 February 2024 [Page 1]
-Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
+Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS August 2023
Table of Contents
@@ -109,9 +109,9 @@ Table of Contents
-Melnikov Expires 22 April 2022 [Page 2]
+Melnikov Expires 25 February 2024 [Page 2]
-Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
+Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS August 2023
4. Security Considerations
@@ -125,12 +125,12 @@ Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
default channel binding to use (see Section 6.1 of [RFC5802]),
assuming the above conditions are satisfied. As "tls-unique" channel
binding is not defined for TLS 1.3 [RFC8446], when using SCRAM over
- TLS 1.3, the "tls-exporter" channel binding [tls-1.3-channel-binding]
- MUST be the default channel binding (in the sense specified in
- Section 6.1 of [RFC5802]) to use.
+ TLS 1.3, the "tls-exporter" channel binding [RFC9266] MUST be the
+ default channel binding (in the sense specified in Section 6.1 of
+ [RFC5802]) to use.
See [RFC4270] and [RFC6194] for reasons to move from SHA-1 to a
- strong security mechanism like SHA3-512.
+ stronger security mechanism like SHA3-512.
The strength of this mechanism is dependent in part on the hash
iteration-count, as denoted by "i" in [RFC5802]. As a rule of thumb,
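Review bot: this is the one substantive change in the sha3-512 draft and it should be flagged beyond "updated the documentation": the TLS 1.3 channel-binding default moves from a citation of the expired draft-ietf-kitten-tls-channel-bindings-for-tls13 to RFC 9266, and the requirement stays a MUST, i.e. an implementation offering SCRAM-SHA3-512-PLUS over TLS 1.3 has to treat "tls-exporter" as the default binding rather than "tls-unique". If this project implements the -PLUS variants, confirm that its default channel-binding selection for TLS 1.3 already matches RFC 9266 and cite that in the release notes; otherwise a reader of the updated spec will assume behaviour the SDK may not provide. The wording change from "strong" to "stronger security mechanism like SHA3-512" is editorial only.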
@@ -165,9 +165,9 @@ Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
-Melnikov Expires 22 April 2022 [Page 3]
+Melnikov Expires 25 February 2024 [Page 3]
-Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
+Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS August 2023
Minimum iteration-count: 10000
@@ -221,9 +221,9 @@ Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
-Melnikov Expires 22 April 2022 [Page 4]
+Melnikov Expires 25 February 2024 [Page 4]
-Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
+Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS August 2023
[RFC4422] Melnikov, A., Ed. and K. Zeilenga, Ed., "Simple
@@ -256,12 +256,9 @@ Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
.
- [tls-1.3-channel-binding]
- Whited, S., "Channel Bindings for TLS 1.3", Work in
- Progress, Internet-Draft, draft-ietf-kitten-tls-channel-
- bindings-for-tls13-11, 18 October 2021,
- .
+ [RFC9266] Whited, S., "Channel Bindings for TLS 1.3", RFC 9266,
+ DOI 10.17487/RFC9266, July 2022,
+ .
[NIST.FIPS.202]
Dworkin, M., "SHA-3 Standard: Permutation-Based Hash and
@@ -272,21 +269,19 @@ Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
6.2. Informative References
+ [RFC4270] Hoffman, P. and B. Schneier, "Attacks on Cryptographic
+ Hashes in Internet Protocols", RFC 4270,
+ DOI 10.17487/RFC4270, November 2005,
+ .
-
-Melnikov Expires 22 April 2022 [Page 5]
+Melnikov Expires 25 February 2024 [Page 5]
-Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS October 2021
+Internet-Draft SASL SCRAM-SHA3-512/SCRAM-SHA3-512-PLUS August 2023
- [RFC4270] Hoffman, P. and B. Schneier, "Attacks on Cryptographic
- Hashes in Internet Protocols", RFC 4270,
- DOI 10.17487/RFC4270, November 2005,
- .
-
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", RFC 5226,
DOI 10.17487/RFC5226, May 2008,
@@ -311,7 +306,6 @@ Author's Address
Hampton
TW12 2NP
United Kingdom
-
Email: alexey.melnikov@isode.com
@@ -333,4 +327,10 @@ Author's Address
-Melnikov Expires 22 April 2022 [Page 6]
+
+
+
+
+
+
+Melnikov Expires 25 February 2024 [Page 6]
diff --git a/docs/specs/internet-drafts.html b/docs/specs/internet-drafts.html
index 80cca904c..3804b3ae9 100644
--- a/docs/specs/internet-drafts.html
+++ b/docs/specs/internet-drafts.html
@@ -623,9 +623,9 @@ LDAP Specifications Defined in Internet Drafts
- draft-melnikov-scram-bis-02: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
+ draft-melnikov-scram-bis-03: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
- Expiration Date: July 17, 2023
+ Expiration Date: February 25, 2024
@@ -637,9 +637,9 @@ LDAP Specifications Defined in Internet Drafts
- draft-melnikov-scram-sha3-512-02: SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
+ draft-melnikov-scram-sha3-512-03: SCRAM-SHA3-512 and SCRAM-SHA3-512-PLUS Simple Authentication and Security Layer (SASL) Mechanisms
- Expiration Date: April 22, 2022
+ Expiration Date: February 25, 2024
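Review bot: the index entries for draft-melnikov-scram-bis and draft-melnikov-scram-sha3-512 are updated to -03 with the new 25 February 2024 expiry, which matches the renamed text files above; however there is no corresponding entry change for draft-ietf-kitten-scram-2fa even though the release note in docs/release-notes.html lists it as updated, so the index and the release note disagree. Please either add the scram-2fa-03 entry and expiry line in this file or drop it from the release note so the two stay consistent.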