RFC 2289 Implementation Report

Here is the report as provided by Marcus Leech as support for elevating RFC 2289 to Standard.

OTP, and its very-closely-related predecessor, S/KEY, has been in use on the Internet since at least 1994. The most prevalent implementation in the 1994/1995 timeframe was OPIE (One-time Passwords in Everything), done at NRL.

At this time there are several independant implementations of RFC2289, all implementing all of the features of 2289.

Many commercial application/telnet-layer firewalls support OTP. A quick survey on the Whirled Wide Web revealed that:

  • IBM
  • Checkpoint
  • Cisco
  • Raptor

All support OTP. There are several OTP calculators for both Palm and Windows CE PDAs, and a large amount of usage of OTP in the sandal-wearing side of the networking and computing community.

The IPSRA working group will support OTP (and S/KEY) in its support for "legacy" authentication mechanisms in support of remote access.

It is entirely likely that OTP will continue to be relevant to the Internet at large, and the implementation and operational experience justify its promotion to STANDARD.