The One Time Password (OTP) and Generic Token Card Authentication Protocols
draft-ietf-eap-otp-00
| Document | Type | Expired Internet-Draft (eap WG) | |
|---|---|---|---|
| Authors | Larry Blunk , John Vollbrecht , Dr. Bernard D. Aboba | ||
| Last updated | 2002-10-14 | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats |
Expired & archived
plain text
htmlized
pdfized
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-eap-otp-00.txt
Abstract
EAP is an authentication protocol which supports multiple authentication mechanisms. EAP typically runs directly over the link layer without requiring IP and therefore includes its own support for in-order delivery and re-transmission. While EAP was originally developed for use with PPP, it is also now in use with IEEE 802. This document defines the One Time Password (OTP) and Generic Token Card EAP methods, both of which provide one-way authentication, but not key generation. As a result, the OTP and Generic Token Card methods, when used by themselves, are only appropriate for use on networks where physical security can be assumed. These methods SHOULD NOT be used on wireless networks, or over the Internet, unless the EAP conversation is protected. This can be accomplished using technologies such as IPsec or TLS.
Authors
Larry Blunk
John Vollbrecht
Dr. Bernard D. Aboba
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)