- From: J.C. Jones <jc@mozilla.com>
- Date: Thu, 12 Jan 2017 17:46:47 -0700
- To: W3C WebAuthn WG <public-webauthn@w3.org>
- Message-ID: <CAObDDPCjZ2i6B7wTWnZa5V4ERWuNAywmKGkZULxw4DGE3GQp1A@mail.gmail.com>
All, Firefox Nightly has our implementation of the WD-02 draft of WebAuthn backed by a U2F soft-token available for experimentation. It's using the U2F formats I described by email last month in "Mapping out the U2F Attestation Format". There's a debug tool online at https://webauthn.bin.coffee/ that prints the objects out upon testing. To experiment with it, you'll need to use a copy of Nightly from this week (available here, scroll down <https://www.mozilla.org/en-US/firefox/channel/desktop/?v=a>), then navigate to "about:config" and search for "*webauth*". You need to *enable* the preferences '*security.webauth.w3c'* and ' *security.webauth.u2f_enable_softtoken*' (note, the second one will change to '*security.webauth.webauthn_enable_softtoken*' in a few days). Caveat: * The "relaxing the same-origin policy" functionality is not yet implemented, due to the ongoing discussions. It's just a stub that isn't doing the right things security-wise - yet! I don't have much public for testing / experimentation with the outputs; I'll have something similar to https://u2f.bin.coffee/ as soon as I can, though. Happy hacking, J.C.
Received on Friday, 13 January 2017 00:47:40 UTC