[Cryptography] YubiKeys / FIDO / U2F ??

Tue Nov 3 19:55:16 EST 2015

On Tue, Nov 3, 2015 at 10:18 AM, Dirk-Willem van Gulik <dirkx at webweaving.org
> wrote:

> I agree it is a great step forward for authentication technology - and an
> improvement for the web as we know it today - with its large ‘probably not
> too evil’ fiefdoms and relatively simple set of feudal loyalty oaths one is
> to pledge to google, facebook or apple. BUT I am not so sure if SOP would
> have been conductive to make the web the success it is now - and certainly
> do not see SOP helping to bring the goodness of the open web to whatever
> the web will morph into.
>

Can you give a specific example of how you think SOP (at least the somewhat
weaker interpretation used by U2F) is deleterious, especially considering
U2F's multi-facet support (which allows explicit policies for cross-origin
access)?

https://developers.yubico.com/U2F/App_ID.html

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151103/89a67aac/attachment.html>