[KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt
Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Sun, 04 April 2010 17:54 UTC
Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 057223A6869 for <keyprov@core3.amsl.com>; Sun, 4 Apr 2010 10:54:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FXVF-Q1d7jKJ for <keyprov@core3.amsl.com>; Sun, 4 Apr 2010 10:54:13 -0700 (PDT)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by core3.amsl.com (Postfix) with SMTP id 1E4BE3A692C for <keyprov@ietf.org>; Sun, 4 Apr 2010 10:54:08 -0700 (PDT)
Received: (qmail invoked by alias); 04 Apr 2010 17:54:05 -0000
Received: from a88-115-222-204.elisa-laajakaista.fi (EHLO [192.168.1.2]) [88.115.222.204] by mail.gmx.net (mp062) with SMTP; 04 Apr 2010 19:54:05 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/e9uZeAJneEn0DtT1tJ6FjPdTh/fxOly7RhXGlI5 YkCWjGqDe9C2xZ
Message-ID: <4BB8D225.5020806@gmx.net>
Date: Sun, 04 Apr 2010 20:53:41 +0300
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: "Turner, Sean P." <turners@ieca.com>, Tim Polk <tim.polk@nist.gov>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.46999999999999997
Cc: keyprov@ietf.org
Subject: [KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Apr 2010 17:54:15 -0000
Hi Sean, Hi Tim, as discussed please find the PROTO writeup for draft-mraihi-totp-timebased-05.txt below. Ciao Hannes ------------------ PROTO WRITEUP for draft-mraihi-totp-timebased-05 ========================================================== http://tools.ietf.org/html/draft-mraihi-totp-timebased-05 (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The document shepherd is Hannes Tschofenig (Hannes.Tschofenig@gmx.net). I have personally reviewed the document and I believe it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has not been developed within an IETF working group. Instead, it was brought forward by KEYPROV WG participants who are also active in the OATH community. In fact, the work started in OATH with the goal to extend HOTP [RFC 4226] to support time based moving factor. Several companies have already implementing this draft and would like to get it published as an RFC. Testimonials supporting this work from a small subset of OATH members can be found at http://www.tschofenig.priv.at/keyprov/TOTP_Industry_Support.doc A complete list of OATH members can be found at http://www.openauthentication.org/members. Brief Timeline of this document: - 00 (March 2008) + Original submission. - 01 (January 2009) + Updated IETF template. - 02 (May 2009) + Added hash algorithm agility, support for SHA256 & SHA512 to be used for HMAC operation. + Updated sample code and test vectors. - 03 (May 2009) + Added security consideration around key length. - 04 (Dec 2009) + Updated source code and test vectors. - 05 (Mar 2010) + Review comments by document shepherd addressed. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization, or XML? There are no concerns with this document. Additional reviews will be provided by the members of the SECDIR review team. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. There are no concerns with this document. No IPR disclosures have been filed. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? This specification was developed by the OATH community and implementations exist. This is not the product of an IETF working group. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) To my knowledge nobody has expressed discontent with this document. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/.) Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type, and URI type reviews? If the document does not already indicate its intended status at the top of the first page, please indicate the intended status here. The document does not contain nits. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. The document has been split into normative and informative references. The intended status of this document is an Informational RFC. (1.i) Has the Document Shepherd verified that the document's IANA Considerations section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC2434]. If the document describes an Expert Review process, has the Document Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during IESG Evaluation? This document does not require actions by IANA. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There is Java code in this document (along with test vectors). The PROTO shepherd has verified the code. The test vectors produce the desired output shown in the document. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document describes an extension of one-time password (OTP) algorithm, namely the HAMC-Based One-Time Password (HOTP) Algorithm as defined in RFC 4226, to support time-based moving factor. The HOTP algorithm specifies an event based OTP algorithm where the moving factor is an event counter. The present work bases the moving factor on a time value. A time-based variant of the OTP algorithm provides short-lived OTP values, which are desirable for enhanced security. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations. Working Group Summary This document was developed outside the IETF, namely in the OATH community. A number of OATH members participated in the IETF KEYPROV working group and brought this work forward to the IETF. Document Quality This document is an AD-sponsored submission and has enjoyed review within the OATH community. Implementations of the specification exist. Personnel Hannes Tschofenig is the document shepherd for this document.
- [KEYPROV] PROTO Writeup for draft-mraihi-totp-tim… Hannes Tschofenig
- Re: [KEYPROV] PROTO Writeup for draft-mraihi-totp… Philip Hoyer