[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Groups - OTP Token Consolidated Input Submission (wss-v1 1-spec-os-OTPTokenProfile.pdf) uploaded
> The paper lists can be replaced by lists of genuinely random data obtained from a natural source of randomness without any effect on any intermediary.
Wouldn’t this “genuinely random data” still have to be written down on “paper lists”? In other words, the genuinely random data doesn’t replace the paper lists, it’s only a way to generate the data on the paper lists, right?
&Thomas.
From: Hallam-Baker,
Phillip [mailto:pbaker@verisign.com]
From: Paul Cotton [mailto:Paul.Cotton@microsoft.com]
Please explain your reasoning.
The only two locations that have to be aware of the algorithm used are the token itself and the authentication server that verifies it.
Both locations can be replaced by paper lists without effect on the intermediary. The paper lists can be replaced by lists of genuinely random data obtained from a natural source of randomness without any effect on any intermediary.
There is no way for any intermediary to determine what algorithm is used.
The only possible significance an intermediary can attach to the algorithm field is to disambiguate the ID field.
No.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]