I don't believe any of my desirements justifies holding up publication.
Practically speaking, I'm most interested in the "disconnected" case. It
should also be the easiest to test thoroughly. I also believe the draft is
good enough for this case. I would very much like to see client code capable
of handling it widely deployed so I don't have to.
I would like to see some indication that the specification is sufficient for
some realistic connected token, but I'm not sure I'm qualified to judge that.
I have not been looking at that case. (Yubikey doesn't count.)
I would also like some better indication that the pin change stuff can work,
but I expect pin changes to be "out of band" for anything I'm currently
contemplating deploying. If no one else volunteers, I can probably look at
that again within the next few weeks.
I'm thinking it would be useful to at least work out how a interoperable
profile of one OTP mechanism such as HOTP would work. I have some
cycles to work on such a profile, but I would need help (any takers?).
Glad to help. No promises about speed of turnaround for my feedback, but
please CC me at least.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(_dot_)B(_dot_)Hotz(_at_)jpl(_dot_)nasa(_dot_)gov, or
hbhotz(_at_)oxy(_dot_)edu
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf