@techreport{ietf-eap-otp-00,
    number =    {draft-ietf-eap-otp-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-eap-otp/00/},
    author =    {Larry Blunk and John Vollbrecht and Dr. Bernard D. Aboba},
    title =     {{The One Time Password (OTP) and Generic Token Card Authentication Protocols}},
    pagetotal = 14,
    year =      2002,
    month =     oct,
    day =       14,
    abstract =  {EAP is an authentication protocol which supports multiple authentication mechanisms. EAP typically runs directly over the link layer without requiring IP and therefore includes its own support for in-order delivery and re-transmission. While EAP was originally developed for use with PPP, it is also now in use with IEEE 802. This document defines the One Time Password (OTP) and Generic Token Card EAP methods, both of which provide one-way authentication, but not key generation. As a result, the OTP and Generic Token Card methods, when used by themselves, are only appropriate for use on networks where physical security can be assumed. These methods SHOULD NOT be used on wireless networks, or over the Internet, unless the EAP conversation is protected. This can be accomplished using technologies such as IPsec or TLS.},
}