2010-08-19 2012-04-06 Specification Required Unassigned Algorithm identifiers from this registry are also used as otp-algID values in the PA-OTP-CHALLENGE described in Section 4.1 and the PA-OTP-REQUEST described in Section 4.2 of . HOTP OTP urn:ietf:params:xml:ns:keyprov:pskc:hotp IESG FALSE The <KeyPackage> element MUST be present and the <ResponseFormat> element, which is a child element of the <AlgorithmParameters> element, MUST be used to indicate the OTP length and the value format.

The <Counter> element (see Section 4.1 of [RFC-ietf-keyprov-pskc-09]) MUST be provided as metadata for the key.

The following additional constraints apply:

+ The value of the <Secret> element MUST contain key material with a length of at least 16 octets (128 bits), if it is present.

+ The <ResponseFormat> element MUST have the 'Format' attribute set to "DECIMAL", and the 'Length' attribute MUST indicate a length value between 6 and 9 (inclusive).

+ The <PINPolicy> element MAY be present, but the 'PINUsageMode' attribute cannot be set to "Algorithmic".

An example can be found in Figure 3 of [RFC-ietf-keyprov-pskc-09]. PIN Symmetric static credential comparison urn:ietf:params:xml:ns:keyprov:pskc:pin Section 5.1 IESG FALSE The <Usage> element MAY be present, but no attribute of the <Usage> element is required. The <ResponseFormat> element MAY be used to indicate the PIN value format.

The <Secret> element (see Section 4.1 of [RFC-ietf-keyprov-pskc-09]) MUST be provided.

See the example in Figure 5 of [RFC-ietf-keyprov-pskc-09]. Standards Action 1.0 Expert Review Unassigned OTP Section 5 FALSE CR Section 5 FALSE Encrypt Section 5 FALSE Integrity Section 5 FALSE Verify Section 5 FALSE Unlock Section 5 FALSE Decrypt Section 5 FALSE KeyWrap Section 5 FALSE Unwrap Section 5 FALSE Derive Section 5 FALSE Generate Section 5 FALSE