On Thursday, March 14, 2019 at 7:22:21 PM UTC-4, acze...@google.com wrote:
> Hi there,
>
> Chiming in from Google. This has nothing to do with our level of motivation
> (which is high btw). This has to do with OEM burned-in images on Android
> devices that have already shipped and the lifecycle of these devices out in
> the field. Without going into too many details, in order to not lock users
> out of their devices, we cannot switch u2f register to webauthn create()
> until there is sufficient churn in Android devices. You can expect webauthn
> get() to come much much sooner, as that is not impacted.
>
> Again, this is only happening because of how the code that adds accounts is
> burned into certain devices. There are not any other websites, that I'm
> aware of, that are in a similar unfortunate situation.

Hi Alexei,

Thanks for the info, can you provide some more detail?

1) Is it impossible to update the devices in question or is the OEM just not shipping updates?

2) What workarounds are available on Google's side to resolve this issue without including this ugly hack in Firefox, and why haven't they been deployed?

3) Why are we just finding out about this now, in 2019, long after all of the bits for WebAuthn have shipped? It's not like WebAuthn was a surprise on the roadmap, we have been steadily moving towards it for many years now in an ecosystem that Google created.

Jonathan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform