Yubico Forum
https://forum.yubico.com/

Question about signing
https://forum.yubico.com/viewtopic.php?f=3&t=165
Page 1 of 1

Author:  paul [ Fri Aug 22, 2008 1:34 am ]
Post subject:  Re: Question about signing

Tom, currently the "signing" only matters to the request sender, who wants to verify the response from Yubico is legit.

You are right that one thing missing is that Yubico should offer each client the option to verify each request or not. Soon Yubico is to open up the admin web site for every client to choose whether we should verify every request from or not.

Stay tuned, we are full speed on that.

Thanks for comments
:geek:

Author:  Simon [ Tue Sep 02, 2008 10:34 am ]
Post subject:  Re: Question about signing

Yes, we will extend the protocol to include the OTP in the signed response in the near future. It is a good idea, thanks!

Btw, the validation server have a option to enable/disable on a per-client basis whether it should require a signature on all requests.

Thanks,
Simon

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/