The IESG has approved the following document: - 'The Protected One-Time Password Protocol (EAP-POTP) ' <draft-nystrom-eap-potp-07.txt> as an Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Jari Arkko. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-nystrom-eap-potp-07.txt Technical Summary This document describes a general EAP method suitable for use with One-Time Password (OTP) tokens, particularly with tokens that have direct electronic interfaces to their associated clients. The method provides either unilateral or mutual authentication and key material. It can be used in environments that employ EAP authentication, such as IKEv2, 802.11, 802.1X, or PPP. Working Group Summary This is an individual submission to the IESG. Pointers to the specification have been posted in the EAP and EMU WGs, and presentation about the protocol have been held in IETF 62 and 64. The specification has also been discussed in the OTPS mailing list and forum hosted by RSA Security. There are a number of vendors who have or are about to implement this. Given the widespread use of OTP token cards, it is expected that specifications for their use in EAP can be beneficial interoperability. While there are existing specifications for the use of OTP in EAP, they do not fulfill all current requirements. In addition, neither the EAP or EMU WGs currently have OTP support in their charter. Uri Blumenthal, Pasi Eronen, and David Black have reviewed this specification as a part of the IETF Last Call and solicited secdir reviews. All comments were addressed. Protocol Quality The protocol was reviewed for the IESG by Jari Arkko. Note to RFC Editor Please delete first paragraph of Section 8. _______________________________________________ IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
