Heya!
A widely deployed way to do two-factor authentication is
TOTP. However, when used with an Android device, Google Accounts have a
really nice flow where Google will send a push notification to the
Android device, which will then prompt the user with a "yes/no"
question as to whether they were trying to log in or not. From a UX
perspective this is much nicer than opening an app, manually typing in
a code, etc.
With WebPush core having been just ratified as RFC 8030, the time
seems ripe for standardizing an authentication scheme like the one
described above.
I have two questions:
1. Is there interest in creating such a standard at the IETF?
2. If there is, where would be the best place to do that work? I'm
relatively new to the IETF - I poked around Datatracker's list of
Working Groups and there didn't seem to be one that really fit that
well. Did I miss something? Or should this go through the IETF
individual submission track?
Please CC me on replies; I'm not subscribed.
Cheers!
AJ