Re: Question about signing

2008-09-02T10:34:05+01:00

Yes, we will extend the protocol to include the OTP in the signed response in the near future. It is a good idea, thanks!

Btw, the validation server have a option to enable/disable on a per-client basis whether it should require a signature on all requests.

Thanks,
Simon

Statistics: Posted by Simon — Tue Sep 02, 2008 10:34 am

Re: Question about signing

2008-08-22T06:20:37+01:00

Tom, currently the "signing" only matters to the request sender, who wants to verify the response from Yubico is legit.

You are right that one thing missing is that Yubico should offer each client the option to verify each request or not. Soon Yubico is to open up the admin web site for every client to choose whether we should verify every request from or not.

Stay tuned, we are full speed on that.

Thanks for comments

Statistics: Posted by paul — Fri Aug 22, 2008 1:34 am

Yubico Forum

Re: Question about signing

Re: Question about signing