WebAuthn WD-02 implemented in Firefox Nightly

All,

Firefox Nightly has our implementation of the WD-02 draft of WebAuthn
backed by a U2F soft-token available for experimentation. It's using the
U2F formats I described by email last month in "Mapping out the U2F
Attestation Format".

There's a debug tool online at https://webauthn.bin.coffee/ that prints the
objects out upon testing.

To experiment with it, you'll need to use a copy of Nightly from this
week (available here, scroll down:
<https://www.mozilla.org/en-US/firefox/channel/desktop/?v=a>), then
navigate to "about:config" and search for "*webauth*". You need to *enable*
the preferences '*security.webauth.w3c*' and
'*security.webauth.u2f_enable_softtoken*' (note, the second one will change
to '*security.webauth.webauthn_enable_softtoken*' in a few days).

Caveat:
* The "relaxing the same-origin policy" functionality is not yet
implemented, due to the ongoing discussions. It's just a stub that isn't
doing the right things security-wise - yet!

I don't have much public for testing / experimentation with the outputs;
I'll have something similar to https://u2f.bin.coffee/ as soon as I can,
though.


Happy hacking,
J.C.

Received on Friday, 13 January 2017 00:47:40 UTC