| Yubico Forum https://forum.yubico.com/ |
|
| Information about the SL parameters https://forum.yubico.com/viewtopic.php?f=5&t=681 |
Page 1 of 1 |
| Author: | wysman [ Thu May 26, 2011 3:05 pm ] |
| Post subject: | Information about the SL parameters |
Hi, I have read that about the sl parameters (on a google code wiki) : Quote: sl is the percentage of external validation server that replied successfully Actually, we can validate the same OTP on each api servers, if you request a low "sl" Here the same OTP validate twice : Code: $ curl "https://api3.yubico.com/wsapi/2.0/verify?id=0&otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf&nonce=aaaaaaaaaaaaaaaa&sl=1" h=Brg8ynSBKepp+Rhxf1PJLc2/rJk= t=2011-05-26T13:42:38Z0940 otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf nonce=aaaaaaaaaaaaaaaa sl=25 status=OK $ curl "https://api.yubico.com/wsapi/2.0/verify?id=0&otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf&nonce=aaaaaaaaaaaaaaaa&sl=1" h=qqxUO/Ma0nhh7zZ9HGTJhthpVeo= t=2011-05-26T13:42:46Z0111 otp=cccccccjgunuliikgeebeuhdtnhvnkentvfguiuttebf nonce=aaaaaaaaaaaaaaaa sl=25 status=OK It's easy to understand that server don't use the same DB to store the client context. In a cluster of validator server context, each server known others and if the client request a synch level. The server must randomly contact other to check the same OTP. In the case of a simple server, the answer is already 100%, and this parameter is useless ? What are the percentage level for "fast" (1%) and "secure" (100%) ? A simple use case with 2 servers : - I play a OTP with sl to 1, i give an anwser OK - I replay the same OTP with sl=50 on the second server, it's will be OK for srv2 and REPLAYED for srv1, but the answer will be OK In this case the sl parameter is useless too, because we can make good answer with a server which telling not OK |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|