Bug 1399959 - Prefer hardware instead of software U2F tokens r?keeler draft
authorJ.C. Jones <jjones@mozilla.com>
Thu, 14 Sep 2017 10:51:20 -0700
changeset 664962 499251032fdd8db81000ba97bb2cf9554a755b2d
parent 664736 dd6b788f149763c4014c27f2fe1a1d13228bda82
child 731608 0d08f43af319848c3dc9091de0dd71e688ea6b1c
push id79878
push userbmo:jjones@mozilla.com
push dateThu, 14 Sep 2017 17:53:09 +0000
bugs1399959, 1388851
Bug 1399959 - Prefer hardware instead of software U2F tokens r?keeler Bug 1388851 adds hardware U2F support to Gecko; the instructions to test involve flipping two prefs, but the common case will be using harwdare tokens, so this patch makes users only haave to flip the "security.webauth.u2f" or "security.webauth.webauthn" prefs as they choose. MozReview-Commit-ID: 346120ZI8p4
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -108,20 +108,23 @@ pref("security.pki.netscape_step_up_poli
 pref("security.pki.netscape_step_up_policy", 2);
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
+// Hardware Origin-bound Second Factor Support
 pref("security.webauth.u2f", false);
 pref("security.webauth.webauthn", false);
+// Only one of "enable_softtoken" and "enable_usbtoken" can be true
+// at a time.
 pref("security.webauth.webauthn_enable_softtoken", false);
-pref("security.webauth.webauthn_enable_usbtoken", false);
+pref("security.webauth.webauthn_enable_usbtoken", true);
 pref("security.ssl.errorReporting.enabled", true);
 pref("security.ssl.errorReporting.url", "https://incoming.telemetry.mozilla.org/submit/sslreports/");
 pref("security.ssl.errorReporting.automatic", false);
 // Impose a maximum age on HPKP headers, to avoid sites getting permanently
 // blacking themselves out by setting a bad pin.  (60 days by default)
 // https://tools.ietf.org/html/rfc7469#section-4.1