[Bug 1387908] Re: [udev] FIDO u2f security keys should be supported out of the box

Dimitri John Ledkov launchpad at surgut.co.uk
Mon May 2 20:09:45 UTC 2016 

** Description changed:

+ [Impact]
+ 
+  * Users plugin U2F key and it does not work in Google Chrome
+ 
+ [Test Case]
+ 
+  * Have stock ubuntu install, without custom U2F rules or libu2f-host0
+ installed
+ 
+  * Use U2F factor authentication website e.g. google apps, github,
+ yubico, etc.
+ 
+  * Pluging in the key, should just work and complete U2F authentication
+ instead of timing out
+ 
+ [Regression Potential]
+ 
+  * Should not conflict with libu2f-host0 udev rules which is where these
+ are currently shipped
+ 
  FIDO u2f is an emerging standard for public-private cryptography based
  2nd factor authentication, which improves on OTP by mitigating phishing,
  man-in-the-middle attacks and reply attacks.
  
  Google Chrome supports u2f devices which are now widely available from
  Yubico (new premium neo Yubikeys and Security keys).
  
  However, udev rules are required to setup permissions to allow the web-
  browsers which are running as regular users to access the devices in
  question.
  
  E.g.:
  
  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev",
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"
  
  Something like that should be enabled by default, however probably not
  encode on the vendor/productid as other vendors will also make u2f
  devices.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1387908

Title:
  [udev] FIDO u2f security keys should be supported out of the box

Status in systemd package in Ubuntu:
  Fix Committed
Status in systemd source package in Trusty:
  Confirmed
Status in systemd source package in Xenial:
  In Progress

Bug description:
  [Impact]

   * Users plugin U2F key and it does not work in Google Chrome

  [Test Case]

   * Have stock ubuntu install, without custom U2F rules or libu2f-host0
  installed

   * Use U2F factor authentication website e.g. google apps, github,
  yubico, etc.

   * Pluging in the key, should just work and complete U2F
  authentication instead of timing out

  [Regression Potential]

   * Should not conflict with libu2f-host0 udev rules which is where
  these are currently shipped

  FIDO u2f is an emerging standard for public-private cryptography based
  2nd factor authentication, which improves on OTP by mitigating
  phishing, man-in-the-middle attacks and reply attacks.

  Google Chrome supports u2f devices which are now widely available from
  Yubico (new premium neo Yubikeys and Security keys).

  However, udev rules are required to setup permissions to allow the
  web-browsers which are running as regular users to access the devices
  in question.

  E.g.:

  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev",
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"

  Something like that should be enabled by default, however probably not
  encode on the vendor/productid as other vendors will also make u2f
  devices.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1387908/+subscriptions

More information about the foundations-bugs mailing list