IETF Logo Mail Archive

Re: [KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt

"Philip Hoyer" <phoyer@actividentity.com> Tue, 06 April 2010 10:52 UTC

Return-Path: <phoyer@actividentity.com>
X-Original-To: keyprov@core3.amsl.com
Delivered-To: keyprov@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7707D3A68E7 for <keyprov@core3.amsl.com>; Tue, 6 Apr 2010 03:52:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.351
X-Spam-Level:
X-Spam-Status: No, score=0.351 tagged_above=-999 required=5 tests=[BAYES_50=0.001, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rMt5i-YATnj2 for <keyprov@core3.amsl.com>; Tue, 6 Apr 2010 03:52:07 -0700 (PDT)
Received: from frhub1.activcard.fr (frhub1.activcard.fr [92.103.229.143]) by core3.amsl.com (Postfix) with ESMTP id 712093A68CF for <keyprov@ietf.org>; Tue, 6 Apr 2010 03:52:04 -0700 (PDT)
Received: from sur-corp-ex-02.corp.ad.activcard.com (sur-corp-ex-02.corp.ad.activcard.com [192.168.33.40]) by frhub1.activcard.fr (Postfix) with ESMTP id 7CEB7183974; Tue, 6 Apr 2010 12:52:01 +0200 (CEST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 06 Apr 2010 12:54:30 +0200
Message-ID: <5BFE9E473DBFC24CA87F18F29B3F0AC4068906BC@sur-corp-ex-02.corp.ad.activcard.com>
In-Reply-To: <4BB8D225.5020806@gmx.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt
Thread-Index: AcrUIDIm6SRflTrNTyicwmX14QR8FwBV0OLQ
References: <4BB8D225.5020806@gmx.net>
From: Philip Hoyer <phoyer@actividentity.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: oath_technical@v2.listbox.com, keyprov@ietf.org, Tim Polk <tim.polk@nist.gov>
Subject: Re: [KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Apr 2010 10:52:08 -0000

Thanks Hannes for your work on this.

Copying the OATH technical list.

Philip

-----Original Message-----
From: keyprov-bounces@ietf.org [mailto:keyprov-bounces@ietf.org] On
Behalf Of Hannes Tschofenig
Sent: Sunday, April 04, 2010 6:54 PM
To: Turner, Sean P.; Tim Polk
Cc: keyprov@ietf.org
Subject: [KEYPROV] PROTO Writeup for draft-mraihi-totp-timebased-05.txt

Hi Sean,
Hi Tim,

as discussed please find the PROTO writeup for 
draft-mraihi-totp-timebased-05.txt below.

Ciao
Hannes

------------------

PROTO WRITEUP for draft-mraihi-totp-timebased-05
==========================================================

http://tools.ietf.org/html/draft-mraihi-totp-timebased-05
 
 
   (1.a)  Who is the Document Shepherd for this document?  Has the
          Document Shepherd personally reviewed this version of the
          document and, in particular, does he or she believe this
          version is ready for forwarding to the IESG for publication?

The document shepherd is Hannes Tschofenig (Hannes.Tschofenig@gmx.net).
I have personally reviewed the document and I believe it is ready for
publication.

   (1.b)  Has the document had adequate review both from key WG members
          and from key non-WG members?  Does the Document Shepherd have
          any concerns about the depth or breadth of the reviews that
          have been performed?

The document has not been developed within an IETF working group.
Instead, it was brought forward by KEYPROV WG participants who are also
active in the OATH community. In fact, the work started in OATH with
the goal to extend HOTP [RFC 4226] to support time based moving factor.

Several companies have already implementing this draft and would like
to get it published as an RFC.

Testimonials supporting this work from a small subset of OATH
members can be found at
http://www.tschofenig.priv.at/keyprov/TOTP_Industry_Support.doc

A complete list of OATH members can be found at
http://www.openauthentication.org/members.


Brief Timeline of this document:
- 00 (March 2008)
     + Original submission.
- 01 (January 2009)
     + Updated IETF template.
- 02 (May 2009)
     + Added hash algorithm agility, support for SHA256 & SHA512 to
       be used for HMAC operation.
     + Updated sample code and test vectors.
- 03 (May 2009)
     + Added security consideration around key length.
- 04 (Dec 2009)
     + Updated source code and test vectors.
- 05 (Mar 2010)
     + Review comments by document shepherd addressed.
 
   (1.c)  Does the Document Shepherd have concerns that the document
          needs more review from a particular or broader perspective,
          e.g., security, operational complexity, someone familiar with
          AAA, internationalization, or XML?

There are no concerns with this document.
Additional reviews will be provided by the members of the SECDIR review 
team.
 
   (1.d)  Does the Document Shepherd have any specific concerns or
          issues with this document that the Responsible Area Director
          and/or the IESG should be aware of?  For example, perhaps he
          or she is uncomfortable with certain parts of the document, or
          has concerns whether there really is a need for it.  In any
          event, if the WG has discussed those issues and has indicated
          that it still wishes to advance the document, detail those
          concerns here.  Has an IPR disclosure related to this document
          been filed?  If so, please include a reference to the
          disclosure and summarize the WG discussion and conclusion on
          this issue.

There are no concerns with this document. No IPR disclosures have been
filed.


   (1.e)  How solid is the WG consensus behind this document?  Does it
          represent the strong concurrence of a few individuals, with
          others being silent, or does the WG as a whole understand and
          agree with it?

This specification was developed by the OATH community and
implementations exist. This is not the product of an IETF working group.

   (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
          discontent?  If so, please summarize the areas of conflict in
          separate email messages to the Responsible Area Director.  (It
          should be in a separate email because this questionnaire is
          entered into the ID Tracker.)

To my knowledge nobody has expressed discontent with this document.

   (1.g)  Has the Document Shepherd personally verified that the
          document satisfies all ID nits?  (See
          http://www.ietf.org/ID-Checklist.html and
          http://tools.ietf.org/tools/idnits/.)  Boilerplate checks are
          not enough; this check needs to be thorough.  Has the document
          met all formal review criteria it needs to, such as the MIB
          Doctor, media type, and URI type reviews?  If the document
          does not already indicate its intended status at the top of
          the first page, please indicate the intended status here.
 
The document does not contain nits.

   (1.h)  Has the document split its references into normative and
          informative?  Are there normative references to documents that
          are not ready for advancement or are otherwise in an unclear
          state?  If such normative references exist, what is the
          strategy for their completion?  Are there normative references
          that are downward references, as described in [RFC3967]?  If
          so, list these downward references to support the Area
          Director in the Last Call procedure for them [RFC3967].


The document has been split into normative and informative references.
The intended status of this document is an Informational RFC.


             
   (1.i)  Has the Document Shepherd verified that the document's IANA
          Considerations section exists and is consistent with the body
          of the document?  If the document specifies protocol
          extensions, are reservations requested in appropriate IANA
          registries?  Are the IANA registries clearly identified?  If
          the document creates a new registry, does it define the
          proposed initial contents of the registry and an allocation
          procedure for future registrations?  Does it suggest a
          reasonable name for the new registry?  See [RFC2434].  If the
          document describes an Expert Review process, has the Document
          Shepherd conferred with the Responsible Area Director so that
          the IESG can appoint the needed Expert during IESG Evaluation?

This document does not require actions by IANA.

   (1.j)  Has the Document Shepherd verified that sections of the
          document that are written in a formal language, such as XML
          code, BNF rules, MIB definitions, etc., validate correctly in
          an automated checker?

There is Java code in this document (along with test vectors).
The PROTO shepherd has verified the code. The test vectors produce
the desired output shown in the document.

   (1.k)  The IESG approval announcement includes a Document
          Announcement Write-Up.  Please provide such a Document
          Announcement Write-Up.  Recent examples can be found in the
          "Action" announcements for approved documents.  The approval
          announcement contains the following sections:
 

   Technical Summary
 
   This document describes an extension of one-time password (OTP)
   algorithm, namely the HAMC-Based One-Time Password (HOTP) Algorithm
   as defined in RFC 4226, to support time-based moving factor.  The
   HOTP algorithm specifies an event based OTP algorithm where the
   moving factor is an event counter.  The present work bases the moving
   factor on a time value.  A time-based variant of the OTP algorithm
   provides short-lived OTP values, which are desirable for enhanced
   security.

   The authors believe that a common and shared algorithm will
   facilitate adoption of two-factor authentication on the Internet by
   enabling interoperability across commercial and open-source
   implementations.

   Working Group Summary

   This document was developed outside the IETF, namely in the OATH
   community. A number of OATH members participated in the IETF KEYPROV
   working group and brought this work forward to the IETF.   

   Document Quality

   This document is an AD-sponsored submission and has enjoyed review
   within the OATH community. Implementations of the specification
exist.
     
   Personnel

   Hannes Tschofenig is the document shepherd for this document.

 
_______________________________________________
KEYPROV mailing list
KEYPROV@ietf.org
https://www.ietf.org/mailman/listinfo/keyprov

v2.23.0 | Report a Bug | By Email