Le jeudi 3 décembre 2015 01:28:51 UTC+1, Justin Dolske a écrit : > On 12/2/15 6:48 AM, Richard Barnes wrote: > > > My initial intent was to propose implementing [1], then implementing [2] > > when it's ready. After all, there's a lot in common, and as you say, >the > > W3C version will be much nicer. > > This seems like like a strange path to take. Why implement both?
(already discussed but let's summarize) There are plenty of existing U2F source code, online services and hardware products already available for U2F, unluckily only support by Chrome for now. U2F specifications are finalized. Nobody knows when FIDO2 will be ready. FIDO2 is a different approach and will not be compatible with U2F. It doesn't mean FIDO U2F support will be dropped (they can completely coexist). U2F reaches its goal as a great secure simple second factor. Please read specifications, it is nice and simple. It works. Great. Already. > From elsewhere in the thread, it sounds like v.1 is basically importing > a defacto-standard (?), in which case I'd wonder how realistic is it to > implement a different version later and actually get sites to switch to >it. > > I'd also wonder just how far off v.2 is... It is something that's likely > to get to a final spec in a reasonable timeframe (and should we just > wait for that), or is it so far off in la-la land that it's not actually > likely to ever be implemented by anyone? Somewhere in between? > > Would the v.1 implementation be deprecated by the v.2 implementation, or > do both need to be carried around forever? So nobody knows when it will be ready. It will, for sure. That's all. It won't make U2F deprecated. U2F use case is not even cover by FIDO2. FIDO U2F and FIDO2 can nicely coexist. Let's not wait please and deal with existing products and services. :) _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
