In the whitepaper SCRAM: A New Protocol for Password Authentication published on 19th May we noted that both SCRAM (Salted Challenge Response Authentication Mechanism) and an associated specification defining how the data format used by SCRAM is stored in an LDAP directory were internet drafts that we expected to advance to RFC status soon.
Both of these RFCs have now been published:
- RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms
- RFC 5803: Lightweight Directory Acccess Protocol (LDAP) Schema for Storing Salted Challenge Response Response Authentication Mechanism (SCRAM) Secrets.
We’ve updated the whitepaper to reflect this change.
