This extension specification is currently incubating. While incubating, the version is 0.
Authentication is a necessary component of any real-world application. The most "simple" mechanism for authenticating is a username and password. This Authentication Type provides a standardized mechanism for including a username and password in the Authentication Payload of the Authentication Extension using the Authentication Type of simple.
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Username Length        |
    +-------------------------------+-------------------------------+
    |                          Username                           ...
    +-------------------------------+-------------------------------+
    |                          Password                           ...
    +-------------------------------+-------------------------------+
- Username Length: (16 bits = max value 2^16-1 = 65535) Unsigned 16-bit integer of Username Length in bytes.
- Username: The UTF-8 encoded username. The string MUST NOT be null terminated.
- Password: The UTF-8 encoded password. The string MUST NOT be null terminated.
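The layout above as an encoder and a validating decoder; this is an added example, not code from the specification or from any RSocket implementation. The function names are hypothetical, and two choices are assumptions of the example: the length field is read in big-endian (network) byte order, and a trailing NUL byte is rejected as a strict reading of "MUST NOT be null terminated".

```python
import struct

MAX_USERNAME_BYTES = 0xFFFF  # largest value the 16-bit Username Length can hold


def encode_simple_auth(username: str, password: str) -> bytes:
    """Build the Authentication Payload: length-prefixed username, then password."""
    user = username.encode("utf-8")
    pwd = password.encode("utf-8")
    if len(user) > MAX_USERNAME_BYTES:
        raise ValueError("username exceeds 65535 bytes")
    if user.endswith(b"\x00") or pwd.endswith(b"\x00"):
        raise ValueError("strings MUST NOT be null terminated")
    # Assumption: big-endian (network byte order) for the length field.
    return struct.pack(">H", len(user)) + user + pwd


def decode_simple_auth(payload: bytes) -> tuple[str, str]:
    """Parse and validate an Authentication Payload; raise ValueError if malformed."""
    if len(payload) < 2:
        raise ValueError("payload shorter than the Username Length field")
    (ulen,) = struct.unpack_from(">H", payload, 0)
    # The length counts bytes, not characters, and must fit inside the buffer.
    if 2 + ulen > len(payload):
        raise ValueError("Username Length runs past the end of the payload")
    # The password has no length field: it is everything after the username.
    user, pwd = payload[2:2 + ulen], payload[2 + ulen:]
    if user.endswith(b"\x00") or pwd.endswith(b"\x00"):
        raise ValueError("strings MUST NOT be null terminated")
    try:
        # Strict decoding rejects overlong or truncated UTF-8 sequences.
        return user.decode("utf-8"), pwd.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("field is not valid UTF-8") from exc


# Constructed sample: a non-ASCII username, so byte length (5) != characters (4).
SAMPLE = encode_simple_auth("ren\u00e9", "s3cret")
```

Because the password is delimited only by the end of the payload, the decoder has to be handed exactly the Authentication Payload bytes; any trailing data would be absorbed into the password.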
The Simple Authentication Type transmits the username and password in cleartext. Additionally, it does not protect the authenticity or confidentiality of the payload that is transmitted along with it. This means that the Transport that is used should provide both authenticity and confidentiality to protect both the username and password and corresponding payload.
The use of the UTF-8 character encoding scheme and of normalization introduces additional security considerations; see Section 10 of [RFC3629] and Section 6 of [RFC5198] for more information.