Heya! A widely deployed way to do two-factor authentication is TOTP. However, when used with an Android device Google Accounts have a really nice flow where Google will send a push notification to the Android device, which will then prompt the user with a "yes/no" question as to whether they were trying to log in or not. From a UX perspective this is much nicer than opening an app, manually typing in a code, etc. With WebPush core having been just ratified as RFC 8030, the time seems ripe for standardizing an authentication scheme like described above. I have two questions: 1. Is there interest in creating such a standard at the IETF? 2. If there is, where would be the best place to do that work? I'm relatively new to the IETF - I poked around Datatracker's list of Working Groups and there didn't seem to be one that really fit that well. Did I miss something? Or should this go through the IETF individual submission track? Please CC me on replies; I'm not subscribed. Cheers! AJ
Attachment:
signature.asc
Description: PGP signature