[Bug 1387908] [NEW] FIDO u2f security keys should be supported out of the box

Dimitri John Ledkov launchpad at surgut.co.uk
Fri Oct 31 00:25:01 UTC 2014 

Public bug reported:

FIDO u2f is an emerging standard for public-private cryptography based
2nd factor authentication, which improves on OTP by mitigating phishing,
man-in-the-middle attacks and reply attacks.

Google Chrome supports u2f devices which are now widely available from
Yubico (new premium neo Yubikeys and Security keys).

However, udev rules are required to setup permissions to allow the web-
browsers which are running as regular users to access the devices in
question.

E.g.:

KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev",
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"

Something like that should be enabled by default, however probably not
encode on the vendor/productid as other vendors will also make u2f
devices.

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Utopic)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu Vivid)
     Importance: Undecided
         Status: New

** Also affects: systemd (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: systemd (Ubuntu Trusty)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1387908

Title:
  FIDO u2f security keys should be supported out of the box

Status in “systemd” package in Ubuntu:
  New
Status in “systemd” source package in Trusty:
  New
Status in “systemd” source package in Utopic:
  New
Status in “systemd” source package in Vivid:
  New

Bug description:
  FIDO u2f is an emerging standard for public-private cryptography based
  2nd factor authentication, which improves on OTP by mitigating
  phishing, man-in-the-middle attacks and reply attacks.

  Google Chrome supports u2f devices which are now widely available from
  Yubico (new premium neo Yubikeys and Security keys).

  However, udev rules are required to setup permissions to allow the
  web-browsers which are running as regular users to access the devices
  in question.

  E.g.:

  KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0664", GROUP="plugdev",
  ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120"

  Something like that should be enabled by default, however probably not
  encode on the vendor/productid as other vendors will also make u2f
  devices.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1387908/+subscriptions

More information about the foundations-bugs mailing list