I don't believe any of my desirements justifies holding up publication. Practically speaking, I'm most interested in the "disconnected" case. It should also be the easiest to test thoroughly. I also believe the draft is good enough for this case. I would very much like to see client code capable of handling it widely deployed so I don't have to. I would like to see some indication that the specification is sufficient for some realistic connected token, but I'm not sure I'm qualified to judge that. I have not been looking at that case. (Yubikey doesn't count.) I would also like some better indication that the pin change stuff can work, but I expect pin changes to be "out of band" for anything I'm currently contemplating deploying. If no one else volunteers, I can probably look at that again within the next few weeks. > I'm thinking it would be useful to at least work out how a interoperable > profile of one OTP mechanism such as HOTP would work. I have some > cycles to work on such a profile, but I would need help (any takers?). Glad to help. No promises about speed of turnaround for my feedback, but please CC me at least. ------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@xxxxxxxxxxxx, or hbhotz@xxxxxxx _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf