Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

On Thursday, March 14, 2019 at 7:22:21 PM UTC-4, acze...@google.com wrote: > Hi there, > > Chiming in from Google. This has nothing to do with our level of motivation > (which is high btw). This has to do with OEM burned-in images on Android > devices that have already shipped and the

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

Hi there, Chiming in from Google. This has nothing to do with our level of motivation (which is high btw). This has to do with OEM burned-in images on Android devices that have already shipped and the lifecycle of these devices out in the field. Without going into too many details, in order

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

On Fri, Mar 15, 2019 at 10:35 AM devsnek wrote: > If this is how you feel, encourage Google to fix the problem. This isn't > Firefox's fault, Firefox is doing the right thing by supporting > standardized APIs instead of "whatever Google uses". It's incredibly > frustrating and demoralizing to

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

On Thursday, 14 March 2019 13:12:24 UTC-5, JC Jones wrote: > However, a multi-year delay for the largest security key-enabled web > property is, I think, unreasonable to push upon our users. We should > do what’s necessary to enable full security key support on Google > Accounts as quickly as is

Re: Rationalising Linux audio backend support

On Thursday, July 14, 2016 at 2:31:50 PM UTC+12, Anthony Jones wrote: > Supporting two separate audio backends in Linux is duplicated effort. > > I took over the platform media playback team at Mozilla a little over 3 years > ago. At that point we only supported WebM/VP8/Vorbis,

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

On Thu, Mar 14, 2019 at 11:25 AM Alex Gaynor wrote: > one overriding concern: phishing, particularly moderately-sophisticated > phishing which can handle forms of 2FA such as TOTP, SMS, or push, is a > scourge. TOTP was never much defense against phishing, just password compromise (shoulder

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

There are a lot of good reasons to oppose this: - This is a very frustrating _expansion_ of non-standard APIs, more than a year after we shipped the W3C standard API - It'll put pressure on other browsers, which were only implementing webauthn, to also support u2f.js - It'll prolong the period of

Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

Web Authentication (WebAuthn) is our best technical response to phishing, which is why we’ve championed it as a technology. All major browsers either support it already, or have their support in-progress, yet adoption by websites has been slow. The deprecated Javascript API that WebAuthn replaces,

Re: Running different instances of Firefox side-by-side

Yes sorry, corrected that. On Thu, Mar 14, 2019 at 6:19 AM Marco Castelluccio < mcastelluc...@mozilla.com> wrote: > What is the bug where you made the initial changes? > We should link to the bug the regressions caused by it (I've seen at least > a > couple regressions filed mentioning this post

Re: Intermediate CA Preloading is enabled for desktop Nightly users

Nicholas, Mozilla's root program mandates all members disclose all intermediates via the Common CA Database . That database has enough metadata to determine which CA certificates chain to roots in our program. The CCADB exports a list on-demand of

Re: Intermediate CA Preloading is enabled for desktop Nightly users

On Wed, Mar 13, 2019 at 2:23 PM J.C. Jones wrote: > Tom, > > Kinto provides the whole list of metadata to clients as soon as it syncs > [1]. The metadata uses the Kinto attachment > mechanism to store the > DER-encoded certificate for separate

Inquiry: What about making fetch() auto-contained by username?

That title is a bit bulky, but it is hard to find a one line summary for this thread :-) After having understood how originAttributes and containers work with nsIHttpChannel, I was finally able to fix all sorts of connection problems. I am now able to isolate connections to the same host but

Re: Running different instances of Firefox side-by-side

What is the bug where you made the initial changes? We should link to the bug the regressions caused by it (I've seen at least a couple regressions filed mentioning this post on dev-platform rather than the bug where the regression was introduced). - Marco. Il 13/03/19 22:14, Dave Townsend ha

Changes to some DOM bugzilla components

Hi, DOM Core team has done some reorganization and description updates to certain DOM-related bugzilla components under Core Product. The changes are summarized below. Please check the bugzilla components you're watching and remember to update your bugzilla queries or related setup where needed.

Re: Each piece of PresShell::HandleEvent() and PresShell::HandleEventInternal() was spun out to each method of PresShell::EventHandler class

Thank you! As somebody who occasionally has had to go digging in that code, this cleanup is much appreciated. On Thu., Mar. 14, 2019, 04:05 Masayuki Nakano, wrote: > Hi, > > We had too big, complicated and important method, > `PresShell::HandleEvent()` (*1), and its helper method, >

Each piece of PresShell::HandleEvent() and PresShell::HandleEventInternal() was spun out to each method of PresShell::EventHandler class

Hi, We had too big, complicated and important method, `PresShell::HandleEvent()` (*1), and its helper method, `PresShell::HandleEventInternal()` (*2). Those methods were too risky to fix everything. Therefore, I redesigned them with a stack class `PresShell::EventHandler` (*3). This new