Re: Intent to implement and ship: Web Authentication

Hi J.C.! Thanks for your extensive answer! Seems like there is a lot of progress going on that wasn't immediately obvious from bugzilla. I am looking forward to seeing this land. Thank you, Tom On Wed, Apr 12, 2017 at 2:46 AM, J.C. Jones wrote: > Tom, > > We're making

Re: Intent to implement and ship: Web Authentication

Tom, We're making progress on supporting the USB U2F HID token attestation format; before the actual U2F/HID code starts appearing in-tree, there's had to be some refactoring to handle things in a proper asynchronous way -- which is nearing review. I'm working on that USB U2F support for OSX

Re: Intent to implement and ship: Web Authentication

So what's our status with regards to implementing FIDO u2f? I really would like to use my security key natively in Firefox. Best, Tom On Sat, Dec 3, 2016 at 5:47 AM, Anders Rundgren < anders.rundgren@gmail.com> wrote: > On Friday, December 2, 2016 at 10:27:30 PM UTC+1, JC Jones wrote: > >

Re: Intent to implement and ship: Web Authentication

On Friday, December 2, 2016 at 10:27:30 PM UTC+1, JC Jones wrote: > Anders, > > The first target I'm working on is Desktop, though I've plans in 2017 to > support WebAuthn on Android and iOS [1], too. WebAuthn already has > definitions suitable for Android's Key Attestation [2] and SafetyNet >

Re: Intent to implement and ship: Web Authentication

Anders, The first target I'm working on is Desktop, though I've plans in 2017 to support WebAuthn on Android and iOS [1], too. WebAuthn already has definitions suitable for Android's Key Attestation [2] and SafetyNet formats [3], so they'll need implementations that tie into the

Re: Intent to implement and ship: Web Authentication

On Wednesday, November 30, 2016 at 5:42:30 PM UTC+1, Anders Rundgren wrote: > It is a pity that external tokens have become the > focus when the majority will rather rely on embedded > security solutions which nowadays is a standard feature > in Android and Windows platforms. Slight clarification

Re: Intent to implement and ship: Web Authentication

ght in a filter. Re-sending for posterity on the > list. > -- Forwarded message -- > From: J.C. Jones > Date: Tue, Nov 15, 2016 at 12:01 PM > Subject: Re: Intent to implement and ship: Web Authentication > To: berniepa...@gmail.com > Cc: dev-platform@lists.mozill

Fwd: Intent to implement and ship: Web Authentication

Apologies, this got caught in a filter. Re-sending for posterity on the list. -- Forwarded message -- From: J.C. Jones Date: Tue, Nov 15, 2016 at 12:01 PM Subject: Re: Intent to implement and ship: Web Authentication To: berniepa...@gmail.com Cc: dev-platform@lists.mozilla.org

Re: Intent to implement and ship: Web Authentication

Le lundi 14 novembre 2016 22:41:37 UTC+1, berni...@gmail.com a écrit : > Le lundi 14 novembre 2016 18:34:11 UTC+1, JC Jones a écrit : > > Bernie, > > > > You're right that the current WD does not contain the "U2F HID token" > > attestation format, but the WG is _intending_ to add it [1] -- and

Re: Intent to implement and ship: Web Authentication

Le lundi 14 novembre 2016 18:34:11 UTC+1, JC Jones a écrit : > Bernie, > > You're right that the current WD does not contain the "U2F HID token" > attestation format, but the WG is _intending_ to add it [1] -- and support > for such devices -- in Working Draft 4 [2] as soon as a larger

Re: Intent to implement and ship: Web Authentication

Bernie, You're right that the current WD does not contain the "U2F HID token" attestation format, but the WG is _intending_ to add it [1] -- and support for such devices -- in Working Draft 4 [2] as soon as a larger in-document refactor is complete. I won't guarantee success at this point, but I

Re: Intent to implement and ship: Web Authentication

Le vendredi 11 novembre 2016 22:18:58 UTC+1, JC Jones a écrit : > The W3C Web Authentication Working Group [1] was formed to produce a > browser-facing standard for using strong, cryptographic scoped credentials > to authenticate to web applications in an un-phishable way. The Working > Group

Intent to implement and ship: Web Authentication

The W3C Web Authentication Working Group [1] was formed to produce a browser-facing standard for using strong, cryptographic scoped credentials to authenticate to web applications in an un-phishable way. The Working Group began working from specifications produced by the FIDO Alliance, but through