Closed Bug 1399959 Opened 7 years ago Closed 7 years ago

Set preference to prefer hardware U2F tokens (but not shipping any U2F/WebAuthn APIs)

Categories

(Core :: DOM: Device Interfaces, enhancement, P2)

Other Branch
enhancement

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: jcj, Assigned: jcj)

Details

(Whiteboard: [webauthn] [u2f])

Attachments

(1 file)

The general case of enabling U2F / WebAuthn should only require flipping one pref, not two or three.

Let's leave u2f and webauthn off (because not ready to ship), but change

pref("security.webauth.webauthn_enable_softtoken", false);
pref("security.webauth.webauthn_enable_usbtoken", false);

to

pref("security.webauth.webauthn_enable_softtoken", false);
pref("security.webauth.webauthn_enable_usbtoken", true);
Summary: Set preference to enable hardware U2F support by default (but not U2F/WebAuthn JS) → Set preference to prefer hardware U2F tokens (but not shipping any U2F/WebAuthn APIs)
Comment on attachment 8908258 [details]
Bug 1399959 - Prefer hardware instead of software U2F tokens

https://reviewboard.mozilla.org/r/179908/#review185146

Sounds good.

::: security/manager/ssl/security-prefs.js:119
(Diff revision 1)
> pref("security.pki.certificate_transparency.mode", 0);
> 
> +// Hardware Origin-bound Second Factor Support
> pref("security.webauth.u2f", false);
> pref("security.webauth.webauthn", false);
> +// Only one of "enable_softtoken" and "enable_usbtoken" can be true

Do we have code that enforces this?
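Review bot: The added comment line "+// Only one of "enable_softtoken" and "enable_usbtoken" can be true" in security/manager/ssl/security-prefs.js states an invariant without saying what happens if both prefs are set to true or where that is checked. Suggest extending the comment to name the enforcing code or the resulting behaviour, so that someone flipping these prefs for testing knows which token type will actually be used.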
Attachment #8908258 - Flags: review?(dkeeler) → review+
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2)
> Comment on attachment 8908258 [details]
> Bug 1399959 - Prefer hardware instead of software U2F tokens
> 
> https://reviewboard.mozilla.org/r/179908/#review185146
> 
> Sounds good.
> 
> ::: security/manager/ssl/security-prefs.js:119
> (Diff revision 1)
> > pref("security.pki.certificate_transparency.mode", 0);
> > 
> > +// Hardware Origin-bound Second Factor Support
> > pref("security.webauth.u2f", false);
> > pref("security.webauth.webauthn", false);
> > +// Only one of "enable_softtoken" and "enable_usbtoken" can be true
> 
> Do we have code that enforces this?

We do:
http://searchfox.org/mozilla-central/source/dom/webauthn/U2FTokenManager.cpp#208

Thanks for the review!
Priority: -- → P2
This is a pref change that doesn't ship anything, just makes for easier testing. Try run looks good [1]

[1] https://treeherder.mozilla.org/#/jobs?repo=try&revision=f454fa9a0da3
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b406b52fd2e3
Prefer hardware instead of software U2F tokens r=keeler
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla57