Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Fred Le Tamanoir
Hi, Great news about you making progress on this ! Since I read here and there that you are working with Firefox & Chrome U2F support consistency in mind, what's your take on TLS Channel ID (Token Binding) support inside Firefox ? It is a recommended feature for FIDO U2F client (Firefox here)

Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Eric Rescorla
On Fri, Feb 5, 2016 at 3:22 PM, Fred Le Tamanoir wrote: > Hi, > > Great news about you making progress on this ! > > Since I read here and there that you are working with Firefox & Chrome U2F > support consistency in mind, what's your take on TLS Channel ID (Token >

Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Frederic Martin
On Monday, February 8, 2016 at 10:54:36 PM UTC+1, Ryan Sleevi wrote: > On Mon, Feb 8, 2016 at 1:13 PM, Frederic Martin wrote: > > > > 1) From a security architect perspective. This is an official > > recommendation that makes sens to prevent MITM attacks. FIDO U2F was > > created to

[Firefox Desktop] Issues found: February 1st to February 5th

2016-02-08 Thread Andrei Vaida
Hi everyone, Here's the list of new issues found and filed by the Desktop Manual QA team last week, *February 1 - February 5* (week 5). Additional details on the team's priorities last week, as well as the plans for the current week are available at:

Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Frederic Martin
Hi, thanx for the answer. Quoting Dirk Balfanz (one of the TLS Channel ID specifications author, a few days ago on FIDO DEV forum): "the new spec that replaces ChannelID is called "Token Binding", and is in the process of being standardized by the IETF

To bump mochitest's timeout from 45 seconds to 90 seconds

2016-02-08 Thread Armen Zambrano G.
Hello, In order to help us have less timeouts when running mochitests under docker, we've decided to double mochitests' gTimeoutSeconds and reduce large multipliers in half. Here's the patch if you're curious: https://bugzilla.mozilla.org/page.cgi?id=splinter.html=1246152=8717111 If you have any

Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Ryan Sleevi
On Mon, Feb 8, 2016 at 1:13 PM, Frederic Martin wrote: > > 1) From a security architect perspective. This is an official recommendation > that makes sens to prevent MITM attacks. FIDO U2F was created to > minimize/eliminate that kind of risk. U2F itself addresses phishing. Token Binding

Re: Intent to implement and ship: FIDO U2F API

2016-02-08 Thread Eric Rescorla
On Mon, Feb 8, 2016 at 10:13 PM, Frederic Martin wrote: > Hi, > > thanx for the answer. > > Quoting Dirk Balfanz (one of the TLS Channel ID specifications author, a > few days ago on FIDO DEV forum): > > "the new spec that replaces ChannelID is called "Token Binding",