On Tue, Aug 11, 2015 at 11:08 PM, Brandon Mercer <[email protected]> wrote: > On Tue, Aug 11, 2015 at 4:02 PM Alexey Suslikov <[email protected]> > wrote: >> >> On Tue, Aug 11, 2015 at 10:57 PM, Brandon Mercer >> <[email protected]> wrote: >> > On Tue, Aug 11, 2015 at 2:53 PM Alexey Suslikov >> > <[email protected]> >> > wrote: >> >> >> >> Hi ports@. >> >> >> >> Are these Chrome 40+ FIDO U2F Security Keys supported on OpenBSD? >> > >> > >> > There is a bug report opened: >> > https://code.google.com/p/chromium/issues/detail?id=451248 >> >> https://support.google.com/accounts/answer/6103523 says: >> >> "Requirements for using Security Key >> >> To use Security Key, you’ll need a computer running Google Chrome version >> 40 >> or newer on ChromeOS, Windows, Mac OS, or Linux". > > > Frankly, those requirements changed once bug reports started rolling in. The > first public statement I remember said, "a computer running chrome version > 39 or newer." Then the linux folks had issues and had to do some usb jumping > jacks, and then I opened that bug report, and then freebsd folks complained > as well. > > The issue I take to it is not just compatibility. There is a site out there > that crashes my browser by running javascript. Presumably malicious > javascript could do that anyhow, but this is being caused by one of their > own web applications. Ironically, the yubikey demo site for u2f does not > trigger the same crash.
I see. Another thing that bothers me. These keys are USB HIDs, right? Is it safe enough to let browser access USB bus (USB keyboard is HID and people can type different things on it).
