>>>>> "Simon" == Simon Josefsson <simon@xxxxxxxxxxxxx> writes: Simon> Sam Hartman <hartmans-ietf@xxxxxxx> writes: >> Actually, I have a question about interoperability here. >> >> It's my assumption that a client of this specification needs to >> implement basically all the options: >> >> * encrypted OTP values and values used for key derivation * >> separate pins and pins that are together * at least 4 pass mode >> >> So that the server has flexibility to implement what its OTP >> token requires. >> >> Are people assuming that it is acceptable to implement a client >> that only implements the facilities needed by one particular OTP >> token? Simon> Yes, and I believe that is unavoidable -- there is no way to Simon> properly test all features of any implementation without Simon> having some OTP token that excercises each feature. OK. That makes me very uncomfortable. As an individual I'd prefer that this draft not be published without a mandatory-to-implement subset. My assumption was that the client needed to implement everything. If that's not globally held I think we have much more work to do. Please consider this an individual last call comment, not as a comment as a chair. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf