Closed
Bug 1399959
Opened 7 years ago
Closed 7 years ago
Set preference to prefer hardware U2F tokens (but not shipping any U2F/WebAuthn APIs)
Categories
(Core :: DOM: Device Interfaces, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla57
Tracking | Status | |
---|---|---|
firefox57 | --- | fixed |
People
(Reporter: jcj, Assigned: jcj)
References
Details
(Whiteboard: [webauthn] [u2f])
Attachments
(1 file)
The general case of enabling U2F / WebAuthn should only require flipping one pref, not two or three. Let's leave u2f and webauthn off (because not ready to ship), but change pref("security.webauth.webauthn_enable_softtoken", false); pref("security.webauth.webauthn_enable_usbtoken", false); to pref("security.webauth.webauthn_enable_softtoken", false); pref("security.webauth.webauthn_enable_usbtoken", true);
Assignee | ||
Updated•7 years ago
|
Summary: Set preference to enable hardware U2F support by default (but not U2F/WebAuthn JS) → Set preference to prefer hardware U2F tokens (but not shipping any U2F/WebAuthn APIs)
Comment hidden (mozreview-request) |
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8908258 [details] Bug 1399959 - Prefer hardware instead of software U2F tokens https://reviewboard.mozilla.org/r/179908/#review185146 Sounds good. ::: security/manager/ssl/security-prefs.js:119 (Diff revision 1) > pref("security.pki.certificate_transparency.mode", 0); > > +// Hardware Origin-bound Second Factor Support > pref("security.webauth.u2f", false); > pref("security.webauth.webauthn", false); > +// Only one of "enable_softtoken" and "enable_usbtoken" can be true Do we have code that enforces this?
Attachment #8908258 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 3•7 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #2) > Comment on attachment 8908258 [details] > Bug 1399959 - Prefer hardware instead of software U2F tokens > > https://reviewboard.mozilla.org/r/179908/#review185146 > > Sounds good. > > ::: security/manager/ssl/security-prefs.js:119 > (Diff revision 1) > > pref("security.pki.certificate_transparency.mode", 0); > > > > +// Hardware Origin-bound Second Factor Support > > pref("security.webauth.u2f", false); > > pref("security.webauth.webauthn", false); > > +// Only one of "enable_softtoken" and "enable_usbtoken" can be true > > Do we have code that enforces this? We do: http://searchfox.org/mozilla-central/source/dom/webauthn/U2FTokenManager.cpp#208 Thanks for the review!
Updated•7 years ago
|
Priority: -- → P2
Comment hidden (mozreview-request) |
Assignee | ||
Comment 5•7 years ago
|
||
This is a pref change that doesn't ship anything, just makes for easier testing. Try run looks good [1] [1] https://treeherder.mozilla.org/#/jobs?repo=try&revision=f454fa9a0da3
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b406b52fd2e3 Prefer hardware instead of software U2F tokens r=keeler
Keywords: checkin-needed
Comment 7•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b406b52fd2e3
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox57:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in
before you can comment on or make changes to this bug.
Description
•