Re: Intent to Ship - Support already-enrolled U2F devices with Google Accounts for Web Authentication

[2] https://w3c.github.io/webauthn/#sctn-appid-extension and > >> https://bugzilla.mozilla.org/show_bug.cgi?id=1406471 > >> > >> [3] > >> https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/ > >> fido-appid-and-facets-v1.2-ps-20170411.html > >> >

Re: FYI: Short Nightly Shield Study involving DNS over HTTPs (DoH)

ink it's worth doing. The end result of this will almost > certainly be improved privacy and security for users who have this enabled > by default, and we can't get to that point without doing a study like this. > > I think it's worth the risk of a backlash. But I also think

Re: Smart Card and WebCrypto (Re: On the future of and application/x-x509-*-cert MIME handling)

think we're currently working on this though. (from the inveterate lurker...) I've said this to a number of FF folks but it would be great to get FIDO U2F support in FF; the U2F-enabled yubikeys/harware tokens etc. are a great, usable 2-factor technology, but it's hard to recommend pe

Re: Fido U2F, two-factor authentication support

Jeroen Hoek > > Lable > ✉ jeroen.h...@lable.nl > GPG: 44D4 1D39 535A 1F9A 9509 92C5 A7A8 B913 D40D D022 > > http://lable.nl — KvK № 55984037 — BTW № NL8519.32.411.B.01 > > > ___ > dev-platform mailing list > dev-platform@lis

Re: Firefox Hello new data collection

he sensitivity of real-time comms. -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] e: j...@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 CDT's annual dinn

Re: Intent to ship: Treat cookies set over non-secure HTTP as session cookies

a.org/show_bug.cgi?id=1160368 >>> >>> Link to standard: N/A >>> >>> Platform coverage: All platforms >>> >>> Estimated or target release: Firefox 49 >>> >>> Preference behind which this will be implemented: >>>

Re: Proposed W3C Charter: Web of Things Working Group

y app stores). 3) > Discussion of W3C groups and their publications has always taken place > here. > > > -- > https://annevankesteren.nl/ > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla

Re: Intent to unship: navigator.getBattery (Battery Status API)

_bug.cgi?id=678694 > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org

Re: Intent to deprecate: Insecure HTTP

x27;s kill off plain HTTP first, then worry about how to fix the CA > system. Let's Encrypt will of course make this a lot easier by providing free > certs. > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > htt

Re: Intent to deprecate: Insecure HTTP

t do not make hypocrites of themselves. > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Wash

Re: Intent to deprecate: Insecure HTTP

allows. Not > even security. This is a false choice... you cannot have free speech without safe spaces. Many, many have written about this, e.g., https://cdt.org/files/2015/02/CDT-comments-on-the-use-of-encryption-and-anonymity-in-digital-communcations.pdf -- Joseph Lorenzo Hall Chief T

Re: Intent to deprecate: Insecure HTTP

> ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 20

Re: Intent to deprecate: Insecure HTTP

web sure has a lot of stuff that is highly dynamic with javascript and other active content. That stuff needs be protected in transit lest the Great Cannon or any number of user-hostile crap on the net start owning your UAs, even if you don't think the content need be private. best, Joe --

Re: Update: Intent to Ship Adjust SDK in Fennec

app token nit: s/hashes/hashed/ here, no? That is Adjust will store a single hash performed as hash(hash(MAC/DeviceID) + App token) Correct? (Presumably this is to identify reinstalls or something.) best and thanks, Joe -- Joseph Lorenzo Hall Chief Technologist Center for Democracy &

Re: W3C Proposed Recommendation: Web Authentication

n or walling out, > > And to whom I was like to give offense. > > - Robert Frost, Mending Wall (1914) > > ___ > > dev-platform mailing list > > dev-platform@lists.mozilla.org > > https

Re: Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts

ttps://bugzilla.mozilla.org/show_bug.cgi?id=1539541 > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy &

Re: Proposed W3C Charter: Media Working Group

__ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 2000