Thanks for this document. Re RFC 2289 it says:
o The initial One-Time Password systems, based on [RFC2289],
have ostensibly been replaced by HMAC based mechanism, as
specified in HOTP: An HMAC-Based One-Time Password Algorithm
[RFC4226]. [RFC4226] suggests following recommendations in
[RFC4086] for random input, and in [RFC4086] weakness of MD4
are discussed.
This sounds as if we should deprecate RFC 2289, and recommend RFC 4226
instead. However RFC 4226 is not on the standards track. Should it be
advanced to the standard track? HOTP doesn't have exactly the same
properties as S/KEY, but for practical purposes the are close enough.
/Simon
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf