Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-02-06 Thread J.C. Jones
Henri, I think there's value in providing an impetus to Google Accounts to migrate from U2F-style enrolled credentials to Web Authentication-style. That said, I agree, it shouldn't be an ongoing maintenance burden. Thanks, all, for the input on this intent-to-ship. I've filed Bug 1436078

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-02-02 Thread Henri Sivonen
On Tue, Jan 30, 2018 at 6:49 PM, J.C. Jones wrote:
> I also recognize that Google
> Accounts is the largest player in existing U2F device enrollments. ...
> If we choose not to do this, Google Accounts users who currently have U2F
> enabled will not be able to authenticate using Firefox until thei

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-01-30 Thread Joseph Lorenzo Hall
+1 this will be very welcome for so many Google Accounts and orgs that use GSuite but love us some Firefox. I did want to raise another issue... many activists, journalists, politicians, political campaign staff, election officials, are increasingly using Google's Advanced Protection Program (whic

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-01-30 Thread Alex Gaynor
Is it practical to be data driven about this? Either by telemetry on how frequently this is used in Firefox, or by Google giving us data on how much of their userbase is migrated? This has the benefit of either a) letting us remove code sooner, or b) ensuring we're aware that we'd be breaking the e

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-01-30 Thread J.C. Jones
My understanding is that the gstatic migration will take effect as soon as Google deploys Web Authentication. Re-enrolling devices will start some unspecified time after that. They are concerned about Google Accounts that are accessed using a U2F device very infrequently (once or twice per year) n

Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

2018-01-30 Thread Eric Rescorla
On Tue, Jan 30, 2018 at 8:49 AM, J.C. Jones wrote:
> Summary: Support already-enrolled U2F devices with Google Accounts for Web
> Authentication
>
> Web Authentication is on-track to ship in Firefox 60 [1], and contains
> within it support for already-deployed USB-connected FIDO U2F devices, and