mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-17 15:25:52 +00:00
9fc9b8dcb4
In Comment 8 of Bug 1244959 [1], Brad Hill argues that instead of leaving our U2F Facet support completely half-way, that we could use the Public Suffix logic introduced into HTML for W3C Web Authentication (the method named IsRegistrableDomainSuffixOfOrEqualTo) to scope the FIDO AppID to an eTLD+1 hierarchy. This is a deviation from the FIDO specification, but doesn't break anything that currently works with our U2F implementation, and theoretically enables sites that otherwise need an external FacetID fetch which we aren't implementing. The downside to this is that it's then Firefox-specific behavior. But since this isn't a shipped feature, we have more room to experiment. As an additional bonus, it encourages U2F sites to use the upcoming Web Authentication security model, which will help them prepare to adopt the newer standard. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1244959#c8 MozReview-Commit-ID: DzNVhHT9qRL --HG-- extra : rebase_source : 262e2ddbec325e0391d346473f27ae2738490da1 |
||
|---|---|---|
| .. | ||
| pkijs | ||
| frame_appid_facet_insecure.html | ||
| frame_appid_facet_subdomain.html | ||
| frame_appid_facet.html | ||
| frame_multiple_keys.html | ||
| frame_no_token.html | ||
| frame_register_sign.html | ||
| frame_register.html | ||
| frame_utils.js | ||
| mochitest.ini | ||
| README.md | ||
| test_appid_facet_insecure.html | ||
| test_appid_facet_subdomain.html | ||
| test_appid_facet.html | ||
| test_multiple_keys.html | ||
| test_no_token.html | ||
| test_register_sign.html | ||
| test_register.html | ||
| test_util_methods.html | ||
| u2futil.js | ||
Note:
While conceptually similar to the tests for Web Authentication (dom/webauthn),
the tests for U2F require an iframe while window.u2f remains hidden behind a
preference, though WebAuthn does not. The reason is that the window object
doesn't mutate upon a call by SpecialPowers.setPrefEnv() the way that the
navigator objects do, rather you have to load a different page with a different
window object for the preference change to be honored.