I did write my own TOTP client. However, why do you assume that I am talking about a TOTP client and not the referred webpage which requires the unfettered execution of third-party (likely malicious) JavaScript in order to view? Not to mention requiring the use of (also quite possibly malicious) downloaded fonts?
---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

>-----Original Message-----
>From: NANOG [mailto:nanog-bounces+kmedcalf=dessus....@nanog.org] On Behalf Of Seth Mattinen
>Sent: Tuesday, 26 February, 2019 09:36
>To: nanog@nanog.org
>Subject: Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking
>
>On 2/25/19 9:59 PM, Keith Medcalf wrote:
>> Are you offering an indemnity in case that code is malicious? What are the terms and the amount of the indemnity?
>
>
>Anyone who is that paranoid should read the RFC and write their own TOTP client that lets them indemnify themselves from their own code.