Henri, I think there's value in providing an impetus to Google Accounts to migrate from U2F-style enrolled credentials to Web Authentication-style. That said, I agree, it shouldn't be an ongoing maintenance burden.
Thanks, all, for the input on this intent-to-ship. I've filed Bug 1436078 <https://bugzilla.mozilla.org/show_bug.cgi?id=1436078> for this work.

On Fri, Feb 2, 2018 at 1:20 AM, Henri Sivonen <hsivo...@hsivonen.fi> wrote:

> On Tue, Jan 30, 2018 at 6:49 PM, J.C. Jones <j...@mozilla.com> wrote:
> > I also recognize that Google
> > Accounts is the largest player in existing U2F device enrollments.
> ...
> > If we choose not to do this, Google Accounts users who currently have U2F
> > enabled will not be able to authenticate using Firefox until their existing
> > U2F tokens are re-enrolled using Web Authentication -- meaning not only
> > will Google need to change to the Web Authentication API, they will also
> > have to prompt users to go back through the enrollment ceremony. This
> > process is likely to take several years.
>
> This seems like a necessary practical reason to make a special
> accommodation for users of Google Accounts.
>
> > After discussions with appropriate Googlers confirmed that the
> > “www.gstatic.com” origin used in U2F is being retired as part of their
> > change-over to Web Authentication, I propose to hard-code support in Gecko
> > to permit Google Accounts’ cross-origin U2F behavior, the same way as
> > Chrome has. I propose to do this for a period of 5 years, until 2023, and
>
> Given that users may use their current token for many years, why do we
> have to set any particular expiration date for this exception? After
> implementing the exception in the first place has become a sunk cost,
> is there a reason to believe it will have a large ongoing maintenance
> burden?
>
> --
> Henri Sivonen
> hsivo...@hsivonen.fi
> https://hsivonen.fi/
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform