I have read that about the sl parameters (on a google code wiki) :
Quote:
sl is the percentage of external validation server that replied successfully
Actually, we can validate the same OTP on each api servers, if you request a low "sl"
Here the same OTP validate twice :
Code:
$ curl "https://api3.yubico.com/wsapi/2.0/verify?id=0&otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf&nonce=aaaaaaaaaaaaaaaa&sl=1"
h=Brg8ynSBKepp+Rhxf1PJLc2/rJk=
t=2011-05-26T13:42:38Z0940
otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf
nonce=aaaaaaaaaaaaaaaa
sl=25
status=OK
$ curl "https://api.yubico.com/wsapi/2.0/verify?id=0&otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf&nonce=aaaaaaaaaaaaaaaa&sl=1"
h=qqxUO/Ma0nhh7zZ9HGTJhthpVeo=
t=2011-05-26T13:42:46Z0111
otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf
nonce=aaaaaaaaaaaaaaaa
sl=25
status=OK
It's easy to understand that server don't use the same DB to store the client context.
In a cluster of validator server context, each server known others and if the client request a synch level.
The server must randomly contact other to check the same OTP.
In the case of a simple server, the answer is already 100%, and this parameter is useless ?
What are the percentage level for "fast" (1%) and "secure" (100%) ?
A simple use case with 2 servers :
- I play a OTP with sl to 1, i give an anwser OK
- I replay the same OTP with sl=50 on the second server, it's will be OK for srv2 and REPLAYED for srv1, but the answer will be OK
In this case the sl parameter is useless too, because we can make good answer with a server which telling not OKStatistics: Posted by wysman — Thu May 26, 2011 3:05 pm
]]>