On Thu, Sep 06, 2001 at 08:01:40PM +0200, Benjamin Bruheim wrote:
To continue the trend of beating on poor Benjamin here, a few comments about twisted.python.otp... :-)
Oh, I can take it. It kinda stores up my shares for _my_ nasty replies later on ;)
I'm looking forward to it... ;-)
It seems oddly placed in twisted.python, maybe twisted.protocols would be better? I know it's not a wire protocol, but it is an RFC implementation.
Well, it is selfcontained and is divided into two classes: one with service routines, and one which is a selfupdating password container. I can't say that I understand what these should do in protocols, since they have nothing in common with any of the other modules in protocols. It can also be used in a calculator as well, which is the most popular usage of OTP :)
Hmm. A calculator? I must admit I'm a little confused by that, but okay...
Some other issues: SMTP seems to use SASL authentication and I could write some routines for OTP that can be used in SASL since it supports the OTP authentication scheme. And there's one big flaw in OTP as well: When the sequence has run out (default is 1000 password issued) the sequence has to be reset, this is not done automatically since this needs to be implemented in each protocol; or by an util which has to be run on the serverside on a secure connection.
This is the reason I felt it should be in protocols. It requires specific support from various protocols, and it's not generally useful in (most?) non-networked applications...