On Tue, Aug 11, 2015 at 4:15 PM Alexey Suslikov <[email protected]> wrote:
> On Tue, Aug 11, 2015 at 11:08 PM, Brandon Mercer > <[email protected]> wrote: > > On Tue, Aug 11, 2015 at 4:02 PM Alexey Suslikov < > [email protected]> > > wrote: > >> > >> On Tue, Aug 11, 2015 at 10:57 PM, Brandon Mercer > >> <[email protected]> wrote: > >> > On Tue, Aug 11, 2015 at 2:53 PM Alexey Suslikov > >> > <[email protected]> > >> > wrote: > >> >> > >> >> Hi ports@. > >> >> > >> >> Are these Chrome 40+ FIDO U2F Security Keys supported on OpenBSD? > >> > > >> > > >> > There is a bug report opened: > >> > https://code.google.com/p/chromium/issues/detail?id=451248 > >> > >> https://support.google.com/accounts/answer/6103523 says: > >> > >> "Requirements for using Security Key > >> > >> To use Security Key, you’ll need a computer running Google Chrome > version > >> 40 > >> or newer on ChromeOS, Windows, Mac OS, or Linux". > > > > > > Frankly, those requirements changed once bug reports started rolling in. > The > > first public statement I remember said, "a computer running chrome > version > > 39 or newer." Then the linux folks had issues and had to do some usb > jumping > > jacks, and then I opened that bug report, and then freebsd folks > complained > > as well. > > > > The issue I take to it is not just compatibility. There is a site out > there > > that crashes my browser by running javascript. Presumably malicious > > javascript could do that anyhow, but this is being caused by one of their > > own web applications. Ironically, the yubikey demo site for u2f does not > > trigger the same crash. > > I see. > > Another thing that bothers me. These keys are USB HIDs, right? Is it safe > enough to let browser access USB bus (USB keyboard is HID and people > can type different things on it). > Well, that part of it is a completely different animal. It's probably worth a separate discussion about how the protocol works. You are suggesting that this couldn't even be made to work in a secure fashion, and I'm not going to disagree with you.
