[Bug 1757411] [NEW] [MIR] libu2f-host *UDEV RULES ONLY* bin:libu2f-udev
Dimitri John Ledkov
launchpad at surgut.co.uk
Wed Mar 21 12:24:48 UTC 2018
Public bug reported:
[Foreword]
U2F - "universal two factor" is a recent standard to provide two factor
authentication using elliptic curve cryptography; with physical
confirmation; and authentication of both server and client identities.
This is therefore stronger than the usual 6-digit codes, and more user
friendly - just touch a button. The devices that commonly support this
are Yubikeys among other implementations. These rely on access to
/dev/hidraw device by the user account, which is typically otherwise
accessible by root only. The udev rules shipped, open up, and assign
these devices to the user seats - effectively making them "USB memory
stick" permissions wise (a local user/seat can access it, when plugging
it in). Previously these udev rules were shipped in src:systemd, but now
they have been removed upstream in favor of maintaining them in the src
:libu2f-host. On the user systems, Firefox / Chrome / Chromium have
support to use u2f devices to authenticate with Google Apps, Github,
Salesforce, Etc.
This MIR is specifically about shipping the udev rules only. It is not
about shipping the libu2f shared library that facilitates developing of
u2f enabled apps and daemons.
[Availability]
Available in universe.
[Rationale]
All Ubuntu Desktop Flavours should be able to perform U2F authentication
in a web-browser.
[Security]
udev rules only, as described in foreword, limited by vendor IDs and
model numbers.
[Quality assurance]
The package is in good shape, and there is a binary package specifically
to ship udev rules only.
[Dependencies]
none
[Standards compliance]
ok
[Maintenance]
At times, as more devices become available on the market, udev rules may
need an update, and SRUs.
foundations bugs is subscribed.
seeded into desktop-common.
[Background information]
See foreword.
** Affects: libu2f-host (Ubuntu)
Importance: Undecided
Status: New
** Tags: id-5a096cad0b33afe7dc38a9c1
** Description changed:
[Foreword]
U2F - "universal two factor" is a recent standard to provide two factor
authentication using elliptic curve cryptography; with physical
confirmation; and authentication of both server and client identities.
This is therefore stronger than the usual 6-digit codes, and more user
friendly - just touch a button. The devices that commonly support this
are Yubikeys among other implementations. These rely on access to
/dev/hidraw device by the user account, which is typically otherwise
accessible by root only. The udev rules shipped, open up, and assign
these devices to the user seats - effectively making them "USB memory
stick" permissions wise (a local user/seat can access it, when plugging
it in). Previously these udev rules were shipped in src:systemd, but now
they have been removed upstream in favor of maintaining them in the src
:libu2f-host. On the user systems, Firefox / Chrome / Chromium have
support to use u2f devices to authenticate with Google Apps, Github,
Salesforce, Etc.
This MIR is specifically about shipping the udev rules only. It is not
about shipping the libu2f shared library that facilitates developing of
u2f enabled apps and daemons.
[Availability]
Available in universe.
[Rationale]
All Ubuntu Desktop Flavours should be able to perform U2F authentication
in a web-browser.
[Security]
udev rules only, as described in foreword, limited by vendor IDs and
model numbers.
[Quality assurance]
The package is in good shape, and there is a binary package specifically
to ship udev rules only.
[Dependencies]
none
[Standards compliance]
ok
[Maintenance]
At times, as more devices become available on the market, udev rules may
need an update, and SRUs.
+ foundations bugs is subscribed.
+
+ seeded into desktop-common.
+
[Background information]
See foreword.
** Summary changed:
- [MIR] libu2f-host *UDEV RULES ONLY*
+ [MIR] libu2f-host *UDEV RULES ONLY* bin:libu2f-udev
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libu2f-host in Ubuntu.
https://bugs.launchpad.net/bugs/1757411
Title:
[MIR] libu2f-host *UDEV RULES ONLY* bin:libu2f-udev
Status in libu2f-host package in Ubuntu:
New
Bug description:
[Foreword]
U2F - "universal two factor" is a recent standard to provide two
factor authentication using elliptic curve cryptography; with physical
confirmation; and authentication of both server and client identities.
This is therefore stronger than the usual 6-digit codes, and more user
friendly - just touch a button. The devices that commonly support this
are Yubikeys among other implementations. These rely on access to
/dev/hidraw device by the user account, which is typically otherwise
accessible by root only. The udev rules shipped, open up, and assign
these devices to the user seats - effectively making them "USB memory
stick" permissions wise (a local user/seat can access it, when
plugging it in). Previously these udev rules were shipped in
src:systemd, but now they have been removed upstream in favor of
maintaining them in the src:libu2f-host. On the user systems, Firefox
/ Chrome / Chromium have support to use u2f devices to authenticate
with Google Apps, Github, Salesforce, Etc.
This MIR is specifically about shipping the udev rules only. It is not
about shipping the libu2f shared library that facilitates developing
of u2f enabled apps and daemons.
[Availability]
Available in universe.
[Rationale]
All Ubuntu Desktop Flavours should be able to perform U2F
authentication in a web-browser.
[Security]
udev rules only, as described in foreword, limited by vendor IDs and
model numbers.
[Quality assurance]
The package is in good shape, and there is a binary package
specifically to ship udev rules only.
[Dependencies]
none
[Standards compliance]
ok
[Maintenance]
At times, as more devices become available on the market, udev rules
may need an update, and SRUs.
foundations bugs is subscribed.
seeded into desktop-common.
[Background information]
See foreword.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libu2f-host/+bug/1757411/+subscriptions
More information about the foundations-bugs
mailing list