Editor's note:  These minutes have not been edited.
 
37th IETF, San Jose, CA, December 12, 1996
Working Group on One-Time Password Authentication (OTP)


Reported by:	Neil Haller (notes recorded by Richard Graveman)


Report on Interoperability Demonstration
----------------------------------------

Advancing a Proposed Standard to Draft Standard requires demonstrating
interoperation between two or more independent implementations.  A
demonstration was held on December 10, 1996 using three servers and
four generators.  All systems interoperated.  A server and a generator
were from Rus Rashid (representing Bellcore), Corwin, and Phil Servita.
An additional generator was supplied by Phil Nesser.  All algorithms
(MD4, MD5, SHA1, and the alternative dictionary) were demonstrated.


Advancing RFC 1938 to Draft Standard
------------------------------------

The Working Group unanimously agreed that RFC 1938 should be submitted
to the IESG for advancement to Draft Standard.  During the discussion
Neil Haller announced that all changes discussed on the list will be
included in the revised document when it is issued as an Internet
Draft.  Denis Pinkas suggested that the Security Considerations section
be expanded to include the limitations of this technology.  Denis
agreed to write this paragraph and submit it to the mailing list.



OTP Extended Responses  <draft-ietf-otp-ext-01.txt>
----------------------------------------------------

Craig Metz (author of I-D) suggested that for consistency with the keyword
"init-word", the keyword specifying hexadecimal format be changed from
"init" to "init-hex".  Denis Pinkas suggested that as this response is
not likely to be manually entered, the 6-word format was unnecessary.
Ran Atkinson said that having both formats was convenient, and Phil
Servita said that the implementation of both was straightforward.  The
working group agreed to go with "init-hex" and "init-word".

Denis Pinkas spoke about the patent status of part of this Internet
Draft.  A patent application has been filed by his firm on protecting
re-initialization from certain active attacks.  He stated that the IETF
rules called for fair, reasonable, non-discriminatory and openly
specified terms for licensing.  The terms he expected, for which he does
not have formal approval, would be a royalty-free license subject to the
terms that would cover use of the patent only in relationship with RFC
1938 (the patent was said to include a variant for Kerberos) if the OTP
Extended Responses follows the standards track, if the requester agrees
to reciprocate, and if a notice will be placed on the software and
hardware.  Jeff Schiller (Security Area Director) polled the group, and
the opinion was that this technology should not be included in the draft.
Ran Atkinson added that the value of this addition to the protocol is
negligible as the OTP protocol doesn't in general defend against active
attacks.

Neil Haller pointed out that a colleague at Bellcore had proposed another
defense against active attacks during re-initialization on which a patent
had been filed.  There was no "free use" offer, but other reasonable
terms would be forthcoming.  No one wanted to pursue this further and
the issue was dropped.

It was agreed that the author of this I-D be asked to re-post the draft
in January with the patented technology removed.  It was agreed that
if there were no new issues, we would have a working group last call
late in January for advancing this draft to Proposed Standard.


OTP Verification Examples <draft-ietf-otp-ver-00.txt>
-----------------------------------------------------

It is difficult to verify the correctness of a new OTP implementation
without using existing code such as the Bellcore reference 
implementation.  Phil Nesser's draft provides a rich suite of test
cases.  The current draft contains errors and Phil agreed to post
a corrected document in early January.  The intent is to post a
working group last call by January 15, and to include the verification
examples as an appendix to the revised RFC 1938.
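As an added illustration (not code from these minutes, the Bellcore reference implementation, or Phil Nesser's draft), the following Python implements the RFC 1938 MD5 generator and the server-side verification step, and checks the generator against the "This is a test." / "TeSt" vectors from the later published OTP examples (RFC 2289 Appendix C); the OtpServer class and its method names are this example's own.

```python
import hashlib


def _fold_md5(data: bytes) -> bytes:
    """One RFC 1938 MD5 step: hash, then XOR the first 8 bytes with the last 8."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """64-bit one-time password for the given sequence number (count)."""
    if not (1 <= len(seed) <= 16 and seed.isalnum()):
        raise ValueError("seed must be 1-16 alphanumeric characters")
    if count < 0:
        raise ValueError("sequence number must be non-negative")
    # Initial step: the lowercased seed is concatenated with the pass phrase.
    key = _fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):          # then the hash is applied count times
        key = _fold_md5(key)
    return key


def to_hex(otp: bytes) -> str:
    return otp.hex().upper()


def parse_hex(text: str) -> bytes:
    """Accept the hex format with or without separating whitespace."""
    digits = "".join(text.split())
    if len(digits) != 16:
        raise ValueError("hex response must contain exactly 16 hex digits")
    return bytes.fromhex(digits)


class OtpServer:
    """Holds only the last accepted OTP and its sequence number, never the pass phrase."""

    def __init__(self, seed: str, count: int, last_otp: bytes):
        self.seed, self.count, self.last = seed, count, last_otp

    def challenge(self) -> str:
        # RFC 1938 challenge: otp-<algorithm> <sequence> <seed>
        return f"otp-md5 {self.count - 1} {self.seed}"

    def verify(self, response: str) -> bool:
        candidate = parse_hex(response)
        # One more hash step must reproduce the stored value; a replayed or
        # out-of-sequence OTP fails here because the stored value has moved on.
        if _fold_md5(candidate) != self.last:
            return False
        self.count, self.last = self.count - 1, candidate
        return True
```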


Documents
---------

    RFC 1760, N Haller, February 1995
    RFC 1938, N Haller & C Metz, May 1996
    draft-ietf-otp-ver-00.txt
    draft-ietf-otp-ext-01.txt