- From: François Beaufort via GitHub <sysbot+gh@w3.org>
- Date: Fri, 24 Jul 2015 20:29:33 +0000
- To: public-web-bluetooth-log@w3.org
Unless we're talking about a different U2F Service, you may want to talk to @jyasskin then. From what I can read at https://plus.google.com/u/0/+FrancoisBeaufort/posts/bYYfNLQyMtX _We're going to blacklist the U2F service UUID because direct Bluetooth communication from arbitrary websites breaks their security model. They assume they can trust the Bluetooth message about the origin it's coming from, but a site sending a raw GATT message to a U2F device could spoof that, and the phishing flow becomes too easy._ -- GitHub Notif of comment by beaufortfrancois See https://github.com/WebBluetoothCG/web-bluetooth/issues/145#issuecomment-124711819
Received on Friday, 24 July 2015 20:29:35 UTC