Hi, Please see the email below from the authors of the above draft spec. Can you say when this may be included into radiator?
Regards Matthew Matthew Reeves-Hairs MBCS (CCNA, CCNP, CCDA) Director Willow ICT Limited 13 Willow Close Great Hormead Hertfordshire, SG9 0NW Mobile: +44 (0)7912 202627 Fax: +44 (0)7092 361501 [email protected] http://www.willowict.com Please consider the environment before printing this email. The content of this email and any attachment is private and may be privileged. If you are not the intended recipient, any use, disclosure, copying or forwarding of this email and/or its attachments is unauthorised. If you have received this email in error please notify the sender by email and delete this message and any attachments immediately. Nothing in this email shall bind the Company in any contract or obligation, unless we have specifically agreed to be bound. Sent from my iPad Begin forwarded message: > From: "Bajaj, Siddharth" <[email protected]> > Date: 16 October 2010 01:13:02 GMT+01:00 > To: <[email protected]> > Cc: "Pei, Mingliang" <[email protected]>, "Johan Rydell" > <[email protected]>, "Philip Hoyer" <[email protected]> > Subject: FW: [suggestions] draft-mraihi-totp-timebased-06.txt > > > Hi Matthew, > > First of all let me apologize for not responding to your inquiry sooner. > Thanks for pointing out this gap in the TOTP specification. > > Even though this is not explicitly stated in the document - by > definition OTPs or one-time passwords are meant to be used only once. > This is also implied in the discussion in the last paragraph of section > 5.2 of the I-D. > > We are hoping that this I-D is approved as an RFC in next couple of > months. If we have an opportunity to add explicit clarifying language to > address your concern, we will definitely do that. > > In the interim, you can refer the vendor to my email and the spec > authors. > > We are also launching the OATH certification program that will require > any vendor who claims their product to be 'OATH certified' to be > compliant with the certification documents. > > Thanks, > > Siddharth > > -----Original Message----- > From: Jason Thompson [mailto:[email protected]] > Sent: Wednesday, September 22, 2010 4:49 PM > To: Bajaj, Siddharth > Subject: FW: [suggestions] draft-mraihi-totp-timebased-06.txt > > > -----Original Message----- > From: [email protected] > Sent: Monday, September 20, 2010 8:14 AM > To: [email protected] > Subject: [suggestions] draft-mraihi-totp-timebased-06.txt > > mreeves sent a message using the contact form at > http://www.openauthentication.org/contact. > > Can you advise if the above mentioned document will be amended to fall > in > line with the certification document as published on this site? > > I have hit a problem were a supplier of a radius system accepts multiple > authentications using the same TOTP, they state that the confirm to the > standard quoting the above doc, which makes no mention of only allowing > a > TOTP to be used one, were the certification doc specifically mentions > this. > > Thanks > > Matthew Reeves-Hairs > > > > > -- > This email was Anti Virus checked by Astaro Security Gateway. > http://www.astaro.com for Willow ICT Limited > > http://www.willowict.com
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
