"Greg" == Greg Hudson <ghudson(_at_)MIT(_dot_)EDU> writes:
87
Greg> On Fri, 2011-08-19 at 08:53 -0400,
gareth(_dot_)richards(_at_)rsa(_dot_)com
wrote:
>> I had always thought the same way as Sam, that clients would be
>> required to implement all of the options since there appears to
>> be no other way for them to support different disconnected token
>> types. The specification was intended to be token independent
>> and the assumption was always that the clients would also be.
Greg> I agree, at least at the general level and for disconnected
Greg> tokens. (Does nextOTP make any sense for disconnected
Greg> tokens?)
I think you prompt the person to hit the next value button
Yes, that's the idea. If the "nextOTP" flag is set then the client should
prompt the user for the next value and use it in a second authentication
request.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf