On Tue, Oct 21, 2014 at 4:46 PM, Richard Barnes <rbar...@mozilla.com> wrote:
> > > On Oct 21, 2014, at 4:08 PM, Robert O'Callahan <rob...@ocallahan.org> > wrote: > > > > > http://googleonlinesecurity.blogspot.co.nz/2014/10/strengthening-2-step-verification-with.html > > We should support this. > > Maybe I'm just jaded, but given that we're currently in the process of > phasing out custom APIs for one specialized hardware platform, I'm not > super enthusiastic about adding support for another one. > Which specialized hardware platform is that? Also, don't the FIDO Alliance specs cover more than just one platform? > There's a conversation going on between some folks in the platform > security and FxOS security teams working on an overall strategy for secure > hardware, so that we don't have to cut fresh code every time someone comes > up with a new identity scheme. I doubt that's what roc was suggesting. But it's hard to say more without more details on the said overall strategy. > We will hopefully have something baked enough to share around soon. > > Note that that blog post glosses over a couple of important details of the > Chrome implementation. First, it's non-native; it's a bundled extension, > like Flash. And second, it's only enabled for google.com, so it's not > really a web-facing feature. > -- Ehsan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
