> > >>>>> "Greg" == Greg Hudson <[email protected]> writes: > 87 > Greg> On Fri, 2011-08-19 at 08:53 -0400, [email protected] > wrote: > >> I had always thought the same way as Sam, that clients would be > >> required to implement all of the options since there appears to > >> be no other way for them to support different disconnected token > >> types. The specification was intended to be token independent > >> and the assumption was always that the clients would also be. > > Greg> I agree, at least at the general level and for disconnected > Greg> tokens. (Does nextOTP make any sense for disconnected > Greg> tokens?) > > I think you prompt the person to hit the next value button
Yes, that's the idea. If the "nextOTP" flag is set then the client should prompt the user for the next value and use it in a second authentication request. _______________________________________________ Ietf mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf
