Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:57 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Fri Aug 22, 2008 1:34 am 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
Tom, currently the "signing" only matters to the request sender, who wants to verify the response from Yubico is legit.

You are right that one thing missing is that Yubico should offer each client the option to verify each request or not. Soon Yubico is to open up the admin web site for every client to choose whether we should verify every request from or not.

Stay tuned, we are full speed on that.

Thanks for comments
:geek:

_________________
The YubiKey Server Guy


Last edited by paul on Fri Aug 22, 2008 6:20 am, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Sep 02, 2008 10:34 am 
Offline
Site Admin
Site Admin

Joined: Tue May 06, 2008 7:22 pm
Posts: 151
Yes, we will extend the protocol to include the OTP in the signed response in the near future. It is a good idea, thanks!

Btw, the validation server have a option to enable/disable on a per-client basis whether it should require a signature on all requests.

Thanks,
Simon


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group