Hello Matthew -

The draft RFC doesn't mention replay attacks at all, so we are inclined to wait until the final spec comes out.

regards

Hugh

On 22 Sep 2010, at 08:51, Matthew Reeves-Hairs wrote:

> Hugh, is there any indication if this will be changed to stop replay attacks
> on TOTP?
>
> Thanks
>
> Matthew Reeves-Hairs MBCS
> (CCNA, CCNP, CCDA)
> Director
>
> Willow ICT Limited
> 13 Willow Close
> Great Hormead
> Hertfordshire, SG9 0NW
> Mobile: +44 (0)7912 202627
> Fax: +44 (0)7092 361501
> [email protected]
> http://www.willowict.com
>
> Please consider the environment before printing this email.
>
> The content of this email and any attachment is private and may be
> privileged. If you are not the intended recipient, any use, disclosure,
> copying or forwarding of this email and/or its attachments is unauthorised.
> If you have received this email in error please notify the sender by email
> and delete this message and any attachments immediately. Nothing in this
> email shall bind the Company in any contract or obligation, unless we have
> specifically agreed to be bound.
>
> Sent from my iPad
>
> On 20 Sep 2010, at 15:55, Matthew Reeves-Hairs <[email protected]> wrote:
>
>> Hugh,
>> Can you say if you will be adopting the newer standard as published on the
>> OATH web site?
>>
>> Regards
>>
>> Matthew Reeves-Hairs MBCS
>>
>> Sent from my iPad
>>
>> On 20 Sep 2010, at 09:22, Hugh Irvine <[email protected]> wrote:
>>
>>> Hello Matthew -
>>>
>>> The current implementation conforms to draft-mraihi-totp-timebased-06.txt,
>>> which has nothing to say about replay attacks (though perhaps it should).
>>>
>>> regards
>>>
>>> Hugh
>>>
>>> On 18 Sep 2010, at 23:12, Matthew Reeves-Hairs wrote:
>>>
>>>> Hi,
>>>> I have noticed that with TOTP, even with the TimeStep set to 0, it is still
>>>> possible to use the same OTP more than once. Is this correct?
>>>>
>>>> Most time-based OTP systems I've used reject the OTP if it has already
>>>> been used and you have to wait for the next time window.
>>>>
>>>> Hugh, can you comment on this?
>>>>
>>>> Regards
>>>>
>>>> Matthew Reeves-Hairs MBCS
>>>>
>>>> _______________________________________________
>>>> radiator mailing list
>>>> [email protected]
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
