On Mon, Feb 8, 2016 at 1:13 PM, Frederic Martin wrote:
>
> 1) From a security architect perspective. This is an official recommendation
> that makes sens to prevent MITM attacks. FIDO U2F was created to
> minimize/eliminate that kind of risk.
U2F itself addresses phishing. Token Binding (attempt
On Wednesday, December 2, 2015 at 3:08:44 PM UTC-8, Frederic Martin wrote:
> Sorry, but I don't understand why you are denying the evidence, anyone
> at Fido alliance will confirm that even non-public FIDO 2 drafts are far
> far far from finished. Regarding the glimpse that was published in W3c
>
On Wednesday, December 2, 2015 at 1:17:46 PM UTC-8, smaug wrote:
> I don't understand how 1) could be implemented when the spec has left the key
> piece undefined, as far as I see.
> As the spec puts it "This specification does not describe how such a port is
> made available to RP web pages, as
On Tuesday, December 1, 2015 at 6:04:30 PM UTC-8, Jonas Sicking wrote:
> Oh well. Bummer.
>
> / Jonas
If it cheers you up any, the 2.0 API that replaces the U2F API uses promises -
http://www.w3.org/Submission/2015/SUBM-fido-web-api-20151120/
Richard, it would help if you could clarify - are yo
4 matches
Mail list logo