1 2 3 4 5 6 7 Network Working Group C. Newman 8 Request for Comments: 2245 Innosoft 9 Category: Standards Track November 1997 10 11 12 Anonymous SASL Mechanism 13 14 Status of this Memo 15 16 This document specifies an Internet standards track protocol for the 17 Internet community, and requests discussion and suggestions for 18 improvements. Please refer to the current edition of the "Internet 19 Official Protocol Standards" (STD 1) for the standardization state 20 and status of this protocol. Distribution of this memo is unlimited. 21 22 Copyright Notice 23 24 Copyright (C) The Internet Society (1997). All Rights Reserved. 25 26 Abstract 27 28 It is common practice on the Internet to permit anonymous access to 29 various services. Traditionally, this has been done with a plain 30 text password mechanism using "anonymous" as the user name and 31 optional trace information, such as an email address, as the 32 password. As plaintext login commands are not permitted in new IETF 33 protocols, a new way to provide anonymous login is needed within the 34 context of the SASL [SASL] framework. 35 36 1. Conventions Used in this Document 37 38 The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" 39 in this document are to be interpreted as defined in "Key words for 40 use in RFCs to Indicate Requirement Levels" [KEYWORDS]. 41 42 2. Anonymous SASL mechanism 43 44 The mechanism name associated with anonymous access is "ANONYMOUS". 45 The mechanism consists of a single message from the client to the 46 server. The client sends optional trace information in the form of a 47 human readable string. The trace information should take one of 48 three forms: an Internet email address, an opaque string which does 49 not contain the '@' character and can be interpreted by the system 50 administrator of the client's domain, or nothing. For privacy 51 reasons, an Internet email address should only be used with 52 permission from the user. 53 54 55 56 57 58 Newman Standards Track [Page 1] 59 61 RFC 2245 Anonymous SASL Mechanism November 1997 62 63 64 A server which permits anonymous access will announce support for the 65 ANONYMOUS mechanism, and allow anyone to log in using that mechanism, 66 usually with restricted access. 67 68 The formal grammar for the client message using Augmented BNF [ABNF] 69 follows. 70 71 message = [email / token] 72 73 TCHAR = %x20-3F / %x41-7E 74 ;; any printable US-ASCII character except '@' 75 76 email = addr-spec 77 ;; as defined in [IMAIL], except with no free 78 ;; insertion of linear-white-space, and the 79 ;; local-part MUST either be entirely enclosed in 80 ;; quotes or entirely unquoted 81 82 token = 1*255TCHAR 83 84 3. Example 85 86 87 Here is a sample anonymous login between an IMAP client and server. 88 In this example, "C:" and "S:" indicate lines sent by the client and 89 server respectively. If such lines are wrapped without a new "C:" or 90 "S:" label, then the wrapping is for editorial clarity and is not 91 part of the command. 92 93 Note that this example uses the IMAP profile [IMAP4] of SASL. The 94 base64 encoding of challenges and responses, as well as the "+ " 95 preceding the responses are part of the IMAP4 profile, not part of 96 SASL itself. Newer profiles of SASL will include the client message 97 with the AUTHENTICATE command itself so the extra round trip below 98 (the server response with an empty "+ ") can be eliminated. 99 100 In this example, the user's opaque identification token is "sirhc". 101 102 S: * OK IMAP4 server ready 103 C: A001 CAPABILITY 104 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=CRAM-MD5 AUTH=ANONYMOUS 105 S: A001 OK done 106 C: A002 AUTHENTICATE ANONYMOUS 107 S: + 108 C: c2lyaGM= 109 S: A003 OK Welcome, trace information has been logged. 110 111 112 113 114 115 Newman Standards Track [Page 2] 116 118 RFC 2245 Anonymous SASL Mechanism November 1997 119 120 121 4. Security Considerations 122 123 The anonymous mechanism grants access to information by anyone. For 124 this reason it should be disabled by default so the administrator can 125 make an explicit decision to enable it. 126 127 If the anonymous user has any write privileges, a denial of service 128 attack is possible by filling up all available space. This can be 129 prevented by disabling all write access by anonymous users. 130 131 If anonymous users have read and write access to the same area, the 132 server can be used as a communication mechanism to anonymously 133 exchange information. Servers which accept anonymous submissions 134 should implement the common "drop box" model which forbids anonymous 135 read access to the area where anonymous submissions are accepted. 136 137 If the anonymous user can run many expensive operations (e.g., an 138 IMAP SEARCH BODY command), this could enable a denial of service 139 attack. Servers are encouraged to limit the number of anonymous 140 users and reduce their priority or limit their resource usage. 141 142 If there is no idle timeout for the anonymous user and there is a 143 limit on the number of anonymous users, a denial of service attack is 144 enabled. Servers should implement an idle timeout for anonymous 145 users. 146 147 The trace information is not authenticated so it can be falsified. 148 This can be used as an attempt to get someone else in trouble for 149 access to questionable information. Administrators trying to trace 150 abuse need to realize this information may be falsified. 151 152 A client which uses the user's correct email address as trace 153 information without explicit permission may violate that user's 154 privacy. Information about who accesses an anonymous archive on a 155 sensitive subject (e.g., sexual abuse) has strong privacy needs. 156 Clients should not send the email address without explicit permission 157 of the user and should offer the option of supplying no trace token 158 -- thus only exposing the source IP address and time. Anonymous 159 proxy servers could enhance this privacy, but would have to consider 160 the resulting potential denial of service attacks. 161 162 Anonymous connections are susceptible to man in the middle attacks 163 which view or alter the data transferred. Clients and servers are 164 encouraged to support external integrity and encryption mechanisms. 165 166 Protocols which fail to require an explicit anonymous login are more 167 susceptible to break-ins given certain common implementation 168 techniques. Specifically, Unix servers which offer user login may 169 170 171 172 Newman Standards Track [Page 3] 173 175 RFC 2245 Anonymous SASL Mechanism November 1997 176 177 178 initially start up as root and switch to the appropriate user id 179 after an explicit login command. Normally such servers refuse all 180 data access commands prior to explicit login and may enter a 181 restricted security environment (e.g., the Unix chroot function) for 182 anonymous users. If anonymous access is not explicitly requested, 183 the entire data access machinery is exposed to external security 184 attacks without the chance for explicit protective measures. 185 Protocols which offer restricted data access should not allow 186 anonymous data access without an explicit login step. 187 188 5. References 189 190 [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax 191 Specifications: ABNF", RFC 2234, November 1997. 192 193 [IMAIL] Crocker, D., "Standard for the Format of Arpa Internet Text 194 Messages", STD 11, RFC 822, August 1982. 195 196 [IMAP4] Crispin, M., "Internet Message Access Protocol - Version 197 4rev1", RFC 2060, December 1996. 198 199 [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate 200 Requirement Levels", RFC 2119, March 1997. 201 202 [SASL] Myers, J., "Simple Authentication and Security Layer (SASL)", 203 RFC 2222, October 1997. 204 205 6. Author's Address 206 207 Chris Newman 208 Innosoft International, Inc. 209 1050 Lakes Drive 210 West Covina, CA 91790 USA 211 212 Email: chris.newman (a] innosoft.com 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 Newman Standards Track [Page 4] 230 232 RFC 2245 Anonymous SASL Mechanism November 1997 233 234 235 7. Full Copyright Statement 236 237 Copyright (C) The Internet Society (1997). All Rights Reserved. 238 239 This document and translations of it may be copied and furnished to 240 others, and derivative works that comment on or otherwise explain it 241 or assist in its implementation may be prepared, copied, published 242 and distributed, in whole or in part, without restriction of any 243 kind, provided that the above copyright notice and this paragraph are 244 included on all such copies and derivative works. However, this 245 document itself may not be modified in any way, such as by removing 246 the copyright notice or references to the Internet Society or other 247 Internet organizations, except as needed for the purpose of 248 developing Internet standards in which case the procedures for 249 copyrights defined in the Internet Standards process must be 250 followed, or as required to translate it into languages other than 251 English. 252 253 The limited permissions granted above are perpetual and will not be 254 revoked by the Internet Society or its successors or assigns. 255 256 This document and the information contained herein is provided on an 257 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 258 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 259 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 260 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 261 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 Newman Standards Track [Page 5] 287 289
Indexes created Sat Feb 28 05:31:39 UTC 2026