[RADIATOR] Fwd: [suggestions] draft-mraihi-totp-timebased-06.txt

Matthew Reeves-Hairs matthew.reeves-hairs at willowict.com
Sun Oct 17 16:14:52 CDT 2010


Hi,
  Please see the email below from the authors of the above draft spec.

  Can you say when this may be included in Radiator?

Regards

Matthew

Matthew Reeves-Hairs MBCS
(CCNA, CCNP, CCDA)
Director

Willow ICT Limited
13 Willow Close
Great Hormead
Hertfordshire, SG9 0NW
Mobile: +44 (0)7912 202627
Fax: +44 (0)7092 361501
matthew.reeves-hairs at willowict.com
http://www.willowict.com


Begin forwarded message:

> From: "Bajaj, Siddharth" <SBajaj at verisign.com>
> Date: 16 October 2010 01:13:02 GMT+01:00
> To: <matthew.reeves-hairs at willowict.com>
> Cc: "Pei, Mingliang" <mpei at verisign.com>, "Johan Rydell" <johan.rydell at portwise.com>, "Philip Hoyer" <phoyer at actividentity.com>
> Subject: FW: [suggestions] draft-mraihi-totp-timebased-06.txt
>
> Hi Matthew, 
> 
> First of all let me apologize for not responding to your inquiry sooner.
> Thanks for pointing out this gap in the TOTP specification. 
> 
> Even though this is not explicitly stated in the document - by
> definition OTPs or one-time passwords are meant to be used only once.
> This is also implied in the discussion in the last paragraph of section
> 5.2 of the I-D. 
> 
> We are hoping that this I-D is approved as an RFC in the next couple of
> months. If we have an opportunity to add explicit clarifying language to
> address your concern, we will definitely do that.
> 
> In the interim, you can refer the vendor to my email and the spec
> authors. 
> 
> We are also launching the OATH certification program that will require
> any vendor who claims their product to be 'OATH certified' to be
> compliant with the certification documents.  
> 
> Thanks,
> 
> Siddharth
> 
> -----Original Message-----
> From: Jason Thompson [mailto:jason at jdthompson.com] 
> Sent: Wednesday, September 22, 2010 4:49 PM
> To: Bajaj, Siddharth
> Subject: FW: [suggestions] draft-mraihi-totp-timebased-06.txt
> 
> 
> -----Original Message-----
> From: Matthew.reeves-hairs at willowict.com
> Sent: Monday, September 20, 2010 8:14 AM
> To: suggestions at openauthentication.org
> Subject: [suggestions] draft-mraihi-totp-timebased-06.txt
> 
> mreeves sent a message using the contact form at
> http://www.openauthentication.org/contact.
> 
> Can you advise if the above-mentioned document will be amended to fall in
> line with the certification document as published on this site?
> 
> I have hit a problem where a supplier of a RADIUS system accepts multiple
> authentications using the same TOTP. They state that they conform to the
> standard, quoting the above doc, which makes no mention of only allowing a
> TOTP to be used once, where the certification doc specifically mentions
> this.
> 
> Thanks
> 
> Matthew Reeves-Hairs
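The behaviour discussed in this thread (a server accepting the same TOTP more than once) is avoided by remembering the last time step accepted for each user. The following is an added example, not code from the thread, the draft or Radiator; the names `totp` and `OneTimeVerifier`, the 30-second step, 6-digit codes and the one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # time step in seconds (assumed)
DIGITS = 6   # code length (assumed)
WINDOW = 1   # steps of clock drift tolerated either side (assumed)


def totp(secret: bytes, counter: int) -> str:
    """HOTP dynamic truncation (HMAC-SHA-1) over the time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class OneTimeVerifier:
    """Accepts each TOTP at most once per user."""

    def __init__(self):
        self.last_step = {}  # user -> highest time step already accepted

    def verify(self, user: str, secret: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        floor = self.last_step.get(user, -1)
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= floor:
                continue  # this step, or a later one, was already consumed
            expected = totp(secret, step).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_step[user] = step  # record before granting access
                return True
        return False


def demo():
    secret = b"12345678901234567890"  # constructed sample key
    now = 1_287_350_092               # constructed timestamp
    verifier = OneTimeVerifier()
    code = totp(secret, now // STEP)
    first = verifier.verify("alice", secret, code, now)
    replay = verifier.verify("alice", secret, code, now + 5)  # same code again
    fresh = totp(secret, (now + STEP) // STEP)
    later = verifier.verify("alice", secret, fresh, now + STEP)
    return first, replay, later  # → (True, False, True)
```

In a multi-server deployment the `last_step` record has to live in shared storage and be updated atomically, otherwise two servers can each accept the same code.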