Protocol Action: A One-Time Password System to Standard

The IESG <iesg-secretary@ietf.org> Fri, 30 June 2000 11:42 UTC

Message-Id: <200006301132.HAA13854@ietf.org>
To: IETF-Announce:;
Cc: RFC Editor <rfc-editor@isi.edu>
Cc: Internet Architecture Board <iab@isi.edu>
Cc: ietf-otp@research.telcordia.com
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: A One-Time Password System to Standard
Date: Fri, 30 Jun 2000 07:32:43 -0400
Sender: scoya@cnri.reston.va.us


The IESG has approved RFC2289 (A One-Time Password System) as a
Standard.  This document is the product of the One Time Password
Authentication Working Group.

The contact persons are Jeff Schiller and Marcus Leech.


Technical Summary
 
 This protocol implements a one-time password system based on
 reverse-chain cryptographic hash functions.  It has seen extensive
 use over the last several years as a higher-security replacement for
 simple passwords in systems have conventionally accepted simple passwords.
 It is based on ealier work done at Bellcore and the Naval Research
Laboratory,
 and previously called S/KEY and OPIE.

Working Group Summary

 There was concensus in the WG for promotion to Full Standard.  The protocol
 is stable, and widely implemented.

Protocol Quality

 The protocol has been reviewed for the IESG by Marcus Leech.

Implementation Report

There are 4 mutually-interoperable, and genetically-unrelated implementations
available that have been in operation since 1998.  A detailed report can be
found at: http://www.ietf.org/IESG/OTP--Standard-implementation.

Protocol Action: A One-Time Password System to St… The IESG