Re: Mozilla (indirectly) slashes WebCrypto Security

2017-02-05 Thread Anders Rundgren
On Sunday, January 29, 2017 at 8:36:57 AM UTC+1, Anders Rundgren wrote: > Feel free calling me a troll, but there is a rationale behind my ramblings on > https://bugzilla.mozilla.org/show_bug.cgi?id=1065729 > > The bug is named "Implement the FIDO Alliance u2f javascript API"

Re: Is there a reason for scrapping native.js?

2017-01-29 Thread Anders Rundgren
On Sunday, January 29, 2017 at 1:55:50 AM UTC+1, Sergey Rozhenko wrote: > So far I haven't been able to find any piece of rationale behind > https://bugzilla.mozilla.org/show_bug.cgi?id=1199718 getting WONTFIXed. And > that's weird, because there has to be an enormous reason to justify its > scr

Mozilla (indirectly) slashes WebCrypto Security

2017-01-28 Thread Anders Rundgren
Feel free calling me a troll, but there is a rationale behind my ramblings on https://bugzilla.mozilla.org/show_bug.cgi?id=1065729 The bug is named "Implement the FIDO Alliance u2f javascript API". The spec is here: https://www.w3.org/TR/webauthn/ "In one extreme case, the authenticator may b

Re: Intent to implement: Payment Request API

2017-01-05 Thread Anders Rundgren
An external security review has been requested. Here is my take on the matter: https://lists.w3.org/Archives/Public/public-web-security/2017Jan/0004.html Anders

Re: Intent to implement: Web2Native Bridge

2016-12-09 Thread Anders Rundgren
The Web2Native Bridge emulator now runs flawlessly on the "desktop" version of Firefox! I'm still awaiting publishing by Mozilla AddOn team. You may install temporary right now though: https://github.com/cyberphone/web2native-bridge/tree/master/firefox/extension Installation of the host app: ht

Re: Intent to implement and ship: Web Authentication

2016-12-02 Thread Anders Rundgren
[2] https://w3c.github.io/webauthn/#android-key-attestation > [3] https://w3c.github.io/webauthn/#android-safetynet-attestation > > On Wed, Nov 30, 2016 at 10:54 PM, Anders Rundgren < > anders.rundgren@gmail.com> wrote: > > > On Wednesday, November 30, 2016 at 5:42:

Re: Intent to implement: Web2Native Bridge

2016-12-01 Thread Anders Rundgren
On Thursday, December 1, 2016 at 9:51:36 PM UTC+1, Nicholas Alexander wrote: Hi Nicholas, I want to avoid a long (and for other people boring) debate, but I feel that I must at least *try* to describe what this is all about... I would recommend a peek in this document which describes the ratio

Re: Intent to implement: Web2Native Bridge

2016-11-30 Thread Anders Rundgren
I believe both the Android Intent solution and the Google/Mozilla/Microsoft take on native messaging are vulnerable to phishing attacks which has bearing on authentication solutions. That is, the unavailability of a security context to the called application represents a problem including the p

Re: Intent to implement and ship: Web Authentication

2016-11-30 Thread Anders Rundgren
On Wednesday, November 30, 2016 at 5:42:30 PM UTC+1, Anders Rundgren wrote: > It is a pity that external tokens have become the > focus when the majority will rather rely on embedded > security solutions which nowadays is a standard feature > in Android and Windows platforms. Slight c

Re: Intent to implement and ship: Web Authentication

2016-11-30 Thread Anders Rundgren
It is a pity that external tokens have become the focus when the majority will rather rely on embedded security solutions which nowadays is a standard feature in Android and Windows platforms. On Tuesday, November 15, 2016 at 8:47:49 PM UTC+1, JC Jones wrote: > Apologies, this got caught in a fi

Re: Intent to implement: Web2Native Bridge

2016-11-30 Thread Anders Rundgren
Google and Apple have already done that, but I'm targeting the other 99.9% who don't have a platform they can update whenever there's a need. Best Anders > Hi Anders, > > On Tue, Nov 29, 2016 at 9:10 AM, Anders Rundgren < > anders.rundgren@gmail.co

Intent to implement: Web2Native Bridge

2016-11-29 Thread Anders Rundgren
There are virtually tons of developers out there using Android Intents to start "Apps" from the Web. However, this mechanism sucks big-time since: 1. It leaves the invoking Web page in an "orphaned" state 2. There's no way to "talk back" to the invoked Web page 3. There's no Web page security con