The One Time Password (OTP) and Generic Token Card Authentication Protocols

Document Type Expired Internet-Draft (eap WG)
Authors Larry Blunk  , John Vollbrecht  , Bernard Aboba 
Last updated 2002-10-14
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


EAP is an authentication protocol which supports multiple authentication mechanisms. EAP typically runs directly over the link layer without requiring IP and therefore includes its own support for in-order delivery and re-transmission. While EAP was originally developed for use with PPP, it is also now in use with IEEE 802. This document defines the One Time Password (OTP) and Generic Token Card EAP methods, both of which provide one-way authentication, but not key generation. As a result, the OTP and Generic Token Card methods, when used by themselves, are only appropriate for use on networks where physical security can be assumed. These methods SHOULD NOT be used on wireless networks, or over the Internet, unless the EAP conversation is protected. This can be accomplished using technologies such as IPsec or TLS.


Larry Blunk (
John Vollbrecht (
Bernard Aboba (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)