The IESG has approved the following document: - 'SCRAM-SHA-256 and SCRAM-SHA-256-PLUS SASL Mechanisms' (draft-hansen-scram-sha256-04.txt) as Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Stephen Farrell. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-hansen-scram-sha256/ Technical Summary This document registers the SASL mechanisms SCRAM-SHA-256 and SCRAM-SHA-256-PLUS. It also updates the SCRAM mechanism registration procedures of RFC 5802, by updating the mailing list reference and adding a few more requirements. Working Group Summary This is an individual submission, but the document had an adequate number of reviews on the Kitten WG mailing list. It was also mentioned/discussed in the HTTPAUTH WG. The document is pretty straigtforward, but one issue resulted in a longer discussion: tls-unique channel binding is now known to be broken unless use of draft-ietf-tls-session-hash-06 TLS extension is negotiated. While ideally the base SCRAM document should have been updated to mention this, it is useful to mention this issue in this draft. Document Quality This is a pretty simple specification. I (SF) don't know of implementations. Personnel Alexey Melnikov is the document shepherd. Stephen Farrell is the irresponsible AD. RFC Editor Note In the abstract please remove the colon after "registers:" and s/provdes/provides/
