rfc2554.txt 20KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620
  1. Network Working Group J. Myers
  2. Request for Comments: 2554 Netscape Communications
  3. Category: Standards Track March 1999
  4. SMTP Service Extension
  5. for Authentication
  6. Status of this Memo
  7. This document specifies an Internet standards track protocol for the
  8. Internet community, and requests discussion and suggestions for
  9. improvements. Please refer to the current edition of the "Internet
  10. Official Protocol Standards" (STD 1) for the standardization state
  11. and status of this protocol. Distribution of this memo is unlimited.
  12. Copyright Notice
  13. Copyright (C) The Internet Society (1999). All Rights Reserved.
  14. 1. Introduction
  15. This document defines an SMTP service extension [ESMTP] whereby an
  16. SMTP client may indicate an authentication mechanism to the server,
  17. perform an authentication protocol exchange, and optionally negotiate
  18. a security layer for subsequent protocol interactions. This
  19. extension is a profile of the Simple Authentication and Security
  20. Layer [SASL].
  21. 2. Conventions Used in this Document
  22. In examples, "C:" and "S:" indicate lines sent by the client and
  23. server respectively.
  24. The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
  25. in this document are to be interpreted as defined in "Key words for
  26. use in RFCs to Indicate Requirement Levels" [KEYWORDS].
  27. 3. The Authentication service extension
  28. (1) the name of the SMTP service extension is "Authentication"
  29. (2) the EHLO keyword value associated with this extension is "AUTH"
  30. Myers Standards Track [Page 1]
  31. RFC 2554 SMTP Authentication March 1999
  32. (3) The AUTH EHLO keyword contains as a parameter a space separated
  33. list of the names of supported SASL mechanisms.
  34. (4) a new SMTP verb "AUTH" is defined
  35. (5) an optional parameter using the keyword "AUTH" is added to the
  36. MAIL FROM command, and extends the maximum line length of the
  37. MAIL FROM command by 500 characters.
  38. (6) this extension is appropriate for the submission protocol
  39. [SUBMIT].
  40. 4. The AUTH command
  41. AUTH mechanism [initial-response]
  42. Arguments:
  43. a string identifying a SASL authentication mechanism.
  44. an optional base64-encoded response
  45. Restrictions:
  46. After an AUTH command has successfully completed, no more AUTH
  47. commands may be issued in the same session. After a successful
  48. AUTH command completes, a server MUST reject any further AUTH
  49. commands with a 503 reply.
  50. The AUTH command is not permitted during a mail transaction.
  51. Discussion:
  52. The AUTH command indicates an authentication mechanism to the
  53. server. If the server supports the requested authentication
  54. mechanism, it performs an authentication protocol exchange to
  55. authenticate and identify the user. Optionally, it also
  56. negotiates a security layer for subsequent protocol
  57. interactions. If the requested authentication mechanism is not
  58. supported, the server rejects the AUTH command with a 504
  59. reply.
  60. The authentication protocol exchange consists of a series of
  61. server challenges and client answers that are specific to the
  62. authentication mechanism. A server challenge, otherwise known
  63. as a ready response, is a 334 reply with the text part
  64. containing a BASE64 encoded string. The client answer consists
  65. of a line containing a BASE64 encoded string. If the client
  66. wishes to cancel an authentication exchange, it issues a line
  67. with a single "*". If the server receives such an answer, it
  68. MUST reject the AUTH command by sending a 501 reply.
  69. Myers Standards Track [Page 2]
  70. RFC 2554 SMTP Authentication March 1999
  71. The optional initial-response argument to the AUTH command is
  72. used to save a round trip when using authentication mechanisms
  73. that are defined to send no data in the initial challenge.
  74. When the initial-response argument is used with such a
  75. mechanism, the initial empty challenge is not sent to the
  76. client and the server uses the data in the initial-response
  77. argument as if it were sent in response to the empty challenge.
  78. Unlike a zero-length client answer to a 334 reply, a zero-
  79. length initial response is sent as a single equals sign ("=").
  80. If the client uses an initial-response argument to the AUTH
  81. command with a mechanism that sends data in the initial
  82. challenge, the server rejects the AUTH command with a 535
  83. reply.
  84. If the server cannot BASE64 decode the argument, it rejects the
  85. AUTH command with a 501 reply. If the server rejects the
  86. authentication data, it SHOULD reject the AUTH command with a
  87. 535 reply unless a more specific error code, such as one listed
  88. in section 6, is appropriate. Should the client successfully
  89. complete the authentication exchange, the SMTP server issues a
  90. 235 reply.
  91. The service name specified by this protocol's profile of SASL
  92. is "smtp".
  93. If a security layer is negotiated through the SASL
  94. authentication exchange, it takes effect immediately following
  95. the CRLF that concludes the authentication exchange for the
  96. client, and the CRLF of the success reply for the server. Upon
  97. a security layer's taking effect, the SMTP protocol is reset to
  98. the initial state (the state in SMTP after a server issues a
  99. 220 service ready greeting). The server MUST discard any
  100. knowledge obtained from the client, such as the argument to the
  101. EHLO command, which was not obtained from the SASL negotiation
  102. itself. The client MUST discard any knowledge obtained from
  103. the server, such as the list of SMTP service extensions, which
  104. was not obtained from the SASL negotiation itself (with the
  105. exception that a client MAY compare the list of advertised SASL
  106. mechanisms before and after authentication in order to detect
  107. an active down-negotiation attack). The client SHOULD send an
  108. EHLO command as the first command after a successful SASL
  109. negotiation which results in the enabling of a security layer.
  110. The server is not required to support any particular
  111. authentication mechanism, nor are authentication mechanisms
  112. required to support any security layers. If an AUTH command
  113. fails, the client may try another authentication mechanism by
  114. issuing another AUTH command.
  115. Myers Standards Track [Page 3]
  116. RFC 2554 SMTP Authentication March 1999
  117. If an AUTH command fails, the server MUST behave the same as if
  118. the client had not issued the AUTH command.
  119. The BASE64 string may in general be arbitrarily long. Clients
  120. and servers MUST be able to support challenges and responses
  121. that are as long as are generated by the authentication
  122. mechanisms they support, independent of any line length
  123. limitations the client or server may have in other parts of its
  124. protocol implementation.
  125. Examples:
  126. S: 220 smtp.example.com ESMTP server ready
  127. C: EHLO jgm.example.com
  128. S: 250-smtp.example.com
  129. S: 250 AUTH CRAM-MD5 DIGEST-MD5
  130. C: AUTH FOOBAR
  131. S: 504 Unrecognized authentication type.
  132. C: AUTH CRAM-MD5
  133. S: 334
  134. PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=
  135. C: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
  136. S: 235 Authentication successful.
  137. 5. The AUTH parameter to the MAIL FROM command
  138. AUTH=addr-spec
  139. Arguments:
  140. An addr-spec containing the identity which submitted the message
  141. to the delivery system, or the two character sequence "<>"
  142. indicating such an identity is unknown or insufficiently
  143. authenticated. To comply with the restrictions imposed on ESMTP
  144. parameters, the addr-spec is encoded inside an xtext. The syntax
  145. of an xtext is described in section 5 of [ESMTP-DSN].
  146. Discussion:
  147. The optional AUTH parameter to the MAIL FROM command allows
  148. cooperating agents in a trusted environment to communicate the
  149. authentication of individual messages.
  150. If the server trusts the authenticated identity of the client to
  151. assert that the message was originally submitted by the supplied
  152. addr-spec, then the server SHOULD supply the same addr-spec in an
  153. AUTH parameter when relaying the message to any server which
  154. supports the AUTH extension.
  155. Myers Standards Track [Page 4]
  156. RFC 2554 SMTP Authentication March 1999
  157. A MAIL FROM parameter of AUTH=<> indicates that the original
  158. submitter of the message is not known. The server MUST NOT treat
  159. the message as having been originally submitted by the client.
  160. If the AUTH parameter to the MAIL FROM is not supplied, the
  161. client has authenticated, and the server believes the message is
  162. an original submission by the client, the server MAY supply the
  163. client's identity in the addr-spec in an AUTH parameter when
  164. relaying the message to any server which supports the AUTH
  165. extension.
  166. If the server does not sufficiently trust the authenticated
  167. identity of the client, or if the client is not authenticated,
  168. then the server MUST behave as if the AUTH=<> parameter was
  169. supplied. The server MAY, however, write the value of the AUTH
  170. parameter to a log file.
  171. If an AUTH=<> parameter was supplied, either explicitly or due to
  172. the requirement in the previous paragraph, then the server MUST
  173. supply the AUTH=<> parameter when relaying the message to any
  174. server which it has authenticated to using the AUTH extension.
  175. A server MAY treat expansion of a mailing list as a new
  176. submission, setting the AUTH parameter to the mailing list
  177. address or mailing list administration address when relaying the
  178. message to list subscribers.
  179. It is conforming for an implementation to be hard-coded to treat
  180. all clients as being insufficiently trusted. In that case, the
  181. implementation does nothing more than parse and discard
  182. syntactically valid AUTH parameters to the MAIL FROM command and
  183. supply AUTH=<> parameters to any servers to which it
  184. authenticates using the AUTH extension.
  185. Examples:
  186. C: MAIL FROM:<e=mc2@example.com> AUTH=e+3Dmc2@example.com
  187. S: 250 OK
  188. Myers Standards Track [Page 5]
  189. RFC 2554 SMTP Authentication March 1999
  190. 6. Error Codes
  191. The following error codes may be used to indicate various conditions
  192. as described.
  193. 432 A password transition is needed
  194. This response to the AUTH command indicates that the user needs to
  195. transition to the selected authentication mechanism. This typically
  196. done by authenticating once using the PLAIN authentication mechanism.
  197. 534 Authentication mechanism is too weak
  198. This response to the AUTH command indicates that the selected
  199. authentication mechanism is weaker than server policy permits for
  200. that user.
  201. 538 Encryption required for requested authentication mechanism
  202. This response to the AUTH command indicates that the selected
  203. authentication mechanism may only be used when the underlying SMTP
  204. connection is encrypted.
  205. 454 Temporary authentication failure
  206. This response to the AUTH command indicates that the authentication
  207. failed due to a temporary server failure.
  208. 530 Authentication required
  209. This response may be returned by any command other than AUTH, EHLO,
  210. HELO, NOOP, RSET, or QUIT. It indicates that server policy requires
  211. authentication in order to perform the requested action.
  212. Myers Standards Track [Page 6]
  213. RFC 2554 SMTP Authentication March 1999
  214. 7. Formal Syntax
  215. The following syntax specification uses the augmented Backus-Naur
  216. Form (BNF) notation as specified in [ABNF].
  217. Except as noted otherwise, all alphabetic characters are case-
  218. insensitive. The use of upper or lower case characters to define
  219. token strings is for editorial clarity only. Implementations MUST
  220. accept these strings in a case-insensitive fashion.
  221. UPALPHA = %x41-5A ;; Uppercase: A-Z
  222. LOALPHA = %x61-7A ;; Lowercase: a-z
  223. ALPHA = UPALPHA / LOALPHA ;; case insensitive
  224. DIGIT = %x30-39 ;; Digits 0-9
  225. HEXDIGIT = %x41-46 / DIGIT ;; hexidecimal digit (uppercase)
  226. hexchar = "+" HEXDIGIT HEXDIGIT
  227. xchar = %x21-2A / %x2C-3C / %x3E-7E
  228. ;; US-ASCII except for "+", "=", SPACE and CTL
  229. xtext = *(xchar / hexchar)
  230. AUTH_CHAR = ALPHA / DIGIT / "-" / "_"
  231. auth_type = 1*20AUTH_CHAR
  232. auth_command = "AUTH" SPACE auth_type [SPACE (base64 / "=")]
  233. *(CRLF [base64]) CRLF
  234. auth_param = "AUTH=" xtext
  235. ;; The decoded form of the xtext MUST be either
  236. ;; an addr-spec or the two characters "<>"
  237. base64 = base64_terminal /
  238. ( 1*(4base64_CHAR) [base64_terminal] )
  239. base64_char = UPALPHA / LOALPHA / DIGIT / "+" / "/"
  240. ;; Case-sensitive
  241. base64_terminal = (2base64_char "==") / (3base64_char "=")
  242. continue_req = "334" SPACE [base64] CRLF
  243. Myers Standards Track [Page 7]
  244. RFC 2554 SMTP Authentication March 1999
  245. CR = %x0C ;; ASCII CR, carriage return
  246. CRLF = CR LF
  247. CTL = %x00-1F / %x7F ;; any ASCII control character and DEL
  248. LF = %x0A ;; ASCII LF, line feed
  249. SPACE = %x20 ;; ASCII SP, space
  250. 8. References
  251. [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
  252. Specifications: ABNF", RFC 2234, November 1997.
  253. [CRAM-MD5] Klensin, J., Catoe, R. and P. Krumviede, "IMAP/POP
  254. AUTHorize Extension for Simple Challenge/Response", RFC
  255. 2195, September 1997.
  256. [ESMTP] Klensin, J., Freed, N., Rose, M., Stefferud, E. and D.
  257. Crocker, "SMTP Service Extensions", RFC 1869, November
  258. 1995.
  259. [ESMTP-DSN] Moore, K, "SMTP Service Extension for Delivery Status
  260. Notifications", RFC 1891, January 1996.
  261. [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
  262. Requirement Levels", BCP 14, RFC 2119, March 1997.
  263. [SASL] Myers, J., "Simple Authentication and Security Layer
  264. (SASL)", RFC 2222, October 1997.
  265. [SUBMIT] Gellens, R. and J. Klensin, "Message Submission", RFC
  266. 2476, December 1998.
  267. [RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC
  268. 821, August 1982.
  269. [RFC822] Crocker, D., "Standard for the Format of ARPA Internet
  270. Text Messages", STD 11, RFC 822, August 1982.
  271. Myers Standards Track [Page 8]
  272. RFC 2554 SMTP Authentication March 1999
  273. 9. Security Considerations
  274. Security issues are discussed throughout this memo.
  275. If a client uses this extension to get an encrypted tunnel through an
  276. insecure network to a cooperating server, it needs to be configured
  277. to never send mail to that server when the connection is not mutually
  278. authenticated and encrypted. Otherwise, an attacker could steal the
  279. client's mail by hijacking the SMTP connection and either pretending
  280. the server does not support the Authentication extension or causing
  281. all AUTH commands to fail.
  282. Before the SASL negotiation has begun, any protocol interactions are
  283. performed in the clear and may be modified by an active attacker.
  284. For this reason, clients and servers MUST discard any knowledge
  285. obtained prior to the start of the SASL negotiation upon completion
  286. of a SASL negotiation which results in a security layer.
  287. This mechanism does not protect the TCP port, so an active attacker
  288. may redirect a relay connection attempt to the submission port
  289. [SUBMIT]. The AUTH=<> parameter prevents such an attack from causing
  290. an relayed message without an envelope authentication to pick up the
  291. authentication of the relay client.
  292. A message submission client may require the user to authenticate
  293. whenever a suitable SASL mechanism is advertised. Therefore, it may
  294. not be desirable for a submission server [SUBMIT] to advertise a SASL
  295. mechanism when use of that mechanism grants the client no benefits
  296. over anonymous submission.
  297. This extension is not intended to replace or be used instead of end-
  298. to-end message signature and encryption systems such as S/MIME or
  299. PGP. This extension addresses a different problem than end-to-end
  300. systems; it has the following key differences:
  301. (1) it is generally useful only within a trusted enclave
  302. (2) it protects the entire envelope of a message, not just the
  303. message's body.
  304. (3) it authenticates the message submission, not authorship of the
  305. message content
  306. (4) it can give the sender some assurance the message was
  307. delivered to the next hop in the case where the sender
  308. mutually authenticates with the next hop and negotiates an
  309. appropriate security layer.
  310. Myers Standards Track [Page 9]
  311. RFC 2554 SMTP Authentication March 1999
  312. Additional security considerations are mentioned in the SASL
  313. specification [SASL].
  314. 10. Author's Address
  315. John Gardiner Myers
  316. Netscape Communications
  317. 501 East Middlefield Road
  318. Mail Stop MV-029
  319. Mountain View, CA 94043
  320. EMail: jgmyers@netscape.com
  321. Myers Standards Track [Page 10]
  322. RFC 2554 SMTP Authentication March 1999
  323. 11. Full Copyright Statement
  324. Copyright (C) The Internet Society (1999). All Rights Reserved.
  325. This document and translations of it may be copied and furnished to
  326. others, and derivative works that comment on or otherwise explain it
  327. or assist in its implementation may be prepared, copied, published
  328. and distributed, in whole or in part, without restriction of any
  329. kind, provided that the above copyright notice and this paragraph are
  330. included on all such copies and derivative works. However, this
  331. document itself may not be modified in any way, such as by removing
  332. the copyright notice or references to the Internet Society or other
  333. Internet organizations, except as needed for the purpose of
  334. developing Internet standards in which case the procedures for
  335. copyrights defined in the Internet Standards process must be
  336. followed, or as required to translate it into languages other than
  337. English.
  338. The limited permissions granted above are perpetual and will not be
  339. revoked by the Internet Society or its successors or assigns.
  340. This document and the information contained herein is provided on an
  341. "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
  342. TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
  343. BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
  344. HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
  345. MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
  346. Myers Standards Track [Page 11]