Network Working Group                                          C. Newman
Request for Comments: 2245                                      Innosoft
Category: Standards Track                                  November 1997


                       Anonymous SASL Mechanism

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

Abstract

   It is common practice on the Internet to permit anonymous access to
   various services.  Traditionally, this has been done with a plain
   text password mechanism using "anonymous" as the user name and
   optional trace information, such as an email address, as the
   password.  As plaintext login commands are not permitted in new IETF
   protocols, a new way to provide anonymous login is needed within the
   context of the SASL [SASL] framework.

1. Conventions Used in this Document

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   in this document are to be interpreted as defined in "Key words for
   use in RFCs to Indicate Requirement Levels" [KEYWORDS].

2. Anonymous SASL mechanism

   The mechanism name associated with anonymous access is "ANONYMOUS".
   The mechanism consists of a single message from the client to the
   server.
   The client sends optional trace information in the form of a
   human readable string.  The trace information should take one of
   three forms: an Internet email address, an opaque string which does
   not contain the '@' character and can be interpreted by the system
   administrator of the client's domain, or nothing.  For privacy
   reasons, an Internet email address should only be used with
   permission from the user.

Newman                      Standards Track                     [Page 1]

RFC 2245                Anonymous SASL Mechanism           November 1997

   A server which permits anonymous access will announce support for the
   ANONYMOUS mechanism, and allow anyone to log in using that mechanism,
   usually with restricted access.

   The formal grammar for the client message using Augmented BNF [ABNF]
   follows.

   message     = [email / token]

   TCHAR       = %x20-3F / %x41-7E
                 ;; any printable US-ASCII character except '@'

   email       = addr-spec
                 ;; as defined in [IMAIL], except with no free
                 ;; insertion of linear-white-space, and the
                 ;; local-part MUST either be entirely enclosed in
                 ;; quotes or entirely unquoted

   token       = 1*255TCHAR

3. Example

   Here is a sample anonymous login between an IMAP client and server.
   In this example, "C:" and "S:" indicate lines sent by the client and
   server respectively.  If such lines are wrapped without a new "C:" or
   "S:" label, then the wrapping is for editorial clarity and is not
   part of the command.

   Note that this example uses the IMAP profile [IMAP4] of SASL.
   The
   base64 encoding of challenges and responses, as well as the "+ "
   preceding the responses are part of the IMAP4 profile, not part of
   SASL itself.  Newer profiles of SASL will include the client message
   with the AUTHENTICATE command itself so the extra round trip below
   (the server response with an empty "+ ") can be eliminated.

   In this example, the user's opaque identification token is "sirhc".

   S: * OK IMAP4 server ready
   C: A001 CAPABILITY
   S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=CRAM-MD5 AUTH=ANONYMOUS
   S: A001 OK done
   C: A002 AUTHENTICATE ANONYMOUS
   S: +
   C: c2lyaGM=
   S: A003 OK Welcome, trace information has been logged.

4. Security Considerations

   The anonymous mechanism grants access to information by anyone.  For
   this reason it should be disabled by default so the administrator can
   make an explicit decision to enable it.

   If the anonymous user has any write privileges, a denial of service
   attack is possible by filling up all available space.  This can be
   prevented by disabling all write access by anonymous users.

   If anonymous users have read and write access to the same area, the
   server can be used as a communication mechanism to anonymously
   exchange information.  Servers which accept anonymous submissions
   should implement the common "drop box" model which forbids anonymous
   read access to the area where anonymous submissions are accepted.
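   The grammar of section 2 and the IMAP exchange of section 3, carried into server-side handling as an added example (not code from the RFC or from any particular server): it decodes the IMAP4-profile base64 response, checks the message against the ABNF, and applies the section 4 defaults (mechanism off until enabled, no write access, trace recorded as unauthenticated). The addr-spec regex is a simplification assumed here, not a full [IMAIL] parser.

```python
import base64
import re

# Grammar from RFC 2245 section 2: TCHAR = %x20-3F / %x41-7E, token = 1*255TCHAR.
TOKEN_RE = re.compile(r"[\x20-\x3F\x41-\x7E]{1,255}")
# Simplified RFC 822 addr-spec (assumption of this example: no domain literals or
# comments); the local-part is entirely quoted or entirely unquoted, as the RFC says.
_ATOM = r"[!#$%&'*+\-/0-9=?A-Z^_`a-z{|}~]+"
_DOTTED = _ATOM + r"(?:\." + _ATOM + r")*"
_QUOTED = r'"(?:[\x20\x21\x23-\x5B\x5D-\x7E]|\\[\x20-\x7E])*"'
EMAIL_RE = re.compile(r"(?:" + _QUOTED + r"|" + _DOTTED + r")@" + _DOTTED)


def parse_anonymous_message(raw: bytes) -> tuple:
    """Classify the single client message as ('none', ''), ('token', s) or ('email', s).
    Anything outside the grammar (non-ASCII, control chars, >255 TCHAR, bad addr-spec)
    raises ValueError so the server can reject the AUTHENTICATE attempt."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("trace information must be US-ASCII")
    if text == "":
        return ("none", "")
    if "@" in text:  # '@' is excluded from TCHAR, so this must be an email address
        if EMAIL_RE.fullmatch(text):
            return ("email", text)
        raise ValueError("'@' present but message is not a valid addr-spec")
    if TOKEN_RE.fullmatch(text):
        return ("token", text)
    raise ValueError("token violates TCHAR or length rules")


def imap_anonymous_login(response_line: str, anonymous_enabled: bool = False) -> dict:
    """Handle the IMAP4-profile response line (base64 sent after the empty "+ ").
    Section 4 defaults: the mechanism stays off until an administrator enables it,
    the session gets no write access, and the trace string is recorded as
    unauthenticated because any client can send any value here."""
    if not anonymous_enabled:
        return {"ok": False, "reason": "ANONYMOUS mechanism is disabled by default"}
    try:
        raw = base64.b64decode(response_line.strip(), validate=True)
        kind, trace = parse_anonymous_message(raw)
    except ValueError as exc:  # binascii.Error from b64decode is a ValueError subclass
        return {"ok": False, "reason": str(exc)}
    return {"ok": True, "trace_kind": kind, "trace": trace,
            "trace_authenticated": False, "write_access": False}


if __name__ == "__main__":
    # The response line from the RFC's own example: "sirhc" as an opaque token.
    print(imap_anonymous_login("c2lyaGM=", anonymous_enabled=True))
```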
   If the anonymous user can run many expensive operations (e.g., an
   IMAP SEARCH BODY command), this could enable a denial of service
   attack.  Servers are encouraged to limit the number of anonymous
   users and reduce their priority or limit their resource usage.

   If there is no idle timeout for the anonymous user and there is a
   limit on the number of anonymous users, a denial of service attack is
   enabled.  Servers should implement an idle timeout for anonymous
   users.

   The trace information is not authenticated so it can be falsified.
   This can be used as an attempt to get someone else in trouble for
   access to questionable information.  Administrators trying to trace
   abuse need to realize this information may be falsified.

   A client which uses the user's correct email address as trace
   information without explicit permission may violate that user's
   privacy.  Information about who accesses an anonymous archive on a
   sensitive subject (e.g., sexual abuse) has strong privacy needs.
   Clients should not send the email address without explicit permission
   of the user and should offer the option of supplying no trace token
   -- thus only exposing the source IP address and time.  Anonymous
   proxy servers could enhance this privacy, but would have to consider
   the resulting potential denial of service attacks.

   Anonymous connections are susceptible to man in the middle attacks
   which view or alter the data transferred.  Clients and servers are
   encouraged to support external integrity and encryption mechanisms.
   Protocols which fail to require an explicit anonymous login are more
   susceptible to break-ins given certain common implementation
   techniques.  Specifically, Unix servers which offer user login may
   initially start up as root and switch to the appropriate user id
   after an explicit login command.  Normally such servers refuse all
   data access commands prior to explicit login and may enter a
   restricted security environment (e.g., the Unix chroot function) for
   anonymous users.  If anonymous access is not explicitly requested,
   the entire data access machinery is exposed to external security
   attacks without the chance for explicit protective measures.
   Protocols which offer restricted data access should not allow
   anonymous data access without an explicit login step.

5. References

   [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
          Specifications: ABNF", RFC 2234, November 1997.

   [IMAIL] Crocker, D., "Standard for the Format of Arpa Internet Text
           Messages", STD 11, RFC 822, August 1982.

   [IMAP4] Crispin, M., "Internet Message Access Protocol - Version
           4rev1", RFC 2060, December 1996.

   [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", RFC 2119, March 1997.

   [SASL] Myers, J., "Simple Authentication and Security Layer (SASL)",
          RFC 2222, October 1997.

6. Author's Address

   Chris Newman
   Innosoft International, Inc.
   1050 Lakes Drive
   West Covina, CA 91790 USA

   Email: chris.newman@innosoft.com

7. Full Copyright Statement

   Copyright (C) The Internet Society (1997).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.
   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.