Package: dynalogin Severity: wishlist The TOTP spec (RFC 6238) suggests that a server should tolerate tokens that don't have precise time sync with the server
See section 5.2 of the RFC, "The validation system should compare OTPs not only with the receiving timestamp but also the past timestamps that are within the transmission delay" Initially, dynalogin could just detect if the client's clock is drifting and log warnings. A more complete solution may allow dynalogin to compensate for a client that is experiencing a loss of time synchronisation at a constant rate, although this functionality should be disabled by default. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
