[WebAuthn] Changed order
Dieser Commit ist enthalten in:
Niklas Meyer
GitHub
Ursprung
095fe20e34
Commit
091b4819e5
1 geänderte Dateien mit 11 neuen und 11 gelöschten Zeilen
|
|
@ -80,17 +80,6 @@ To enable this feature, change the value `WEBAUTHN_ONLY_TRUSTED_VENDORS` in mail
|
||||||
|
|
||||||
The mailcow will now use the Vendor Certificates located in your mailcow directory under `data/web/inc/lib/WebAuthn/rootCertificates`.
|
The mailcow will now use the Vendor Certificates located in your mailcow directory under `data/web/inc/lib/WebAuthn/rootCertificates`.
|
||||||
|
|
||||||
### Is it dangerous to keep the Vendor Check disabled?
|
|
||||||
No, it isn´t!
|
|
||||||
These vendor certificates are only used to verify original hardware, not to secure the registration process.
|
|
||||||
|
|
||||||
As you can read in these articles, the deactivation is not software security related:
|
|
||||||
- [https://developers.yubico.com/U2F/Attestation_and_Metadata/](https://developers.yubico.com/U2F/Attestation_and_Metadata/)
|
|
||||||
- [https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651](https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651)
|
|
||||||
- [https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01](https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01)
|
|
||||||
|
|
||||||
In the end, however, it is of course your decision to leave this check disabled or enabled.
|
|
||||||
|
|
||||||
##### Example:
|
##### Example:
|
||||||
If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the `data/web/inc/lib/WebAuthn/rootCertificates`.
|
If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the `data/web/inc/lib/WebAuthn/rootCertificates`.
|
||||||
After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices.
|
After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices.
|
||||||
|
|
@ -104,6 +93,17 @@ Just copy the certificate into the `data/web/inc/lib/WebAuthn/rootCertificates`
|
||||||
|
|
||||||
Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.
|
Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.
|
||||||
|
|
||||||
|
#### Is it dangerous to keep the Vendor Check disabled?
|
||||||
|
No, it isn´t!
|
||||||
|
These vendor certificates are only used to verify original hardware, not to secure the registration process.
|
||||||
|
|
||||||
|
As you can read in these articles, the deactivation is not software security related:
|
||||||
|
- [https://developers.yubico.com/U2F/Attestation_and_Metadata/](https://developers.yubico.com/U2F/Attestation_and_Metadata/)
|
||||||
|
- [https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651](https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651)
|
||||||
|
- [https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01](https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01)
|
||||||
|
|
||||||
|
In the end, however, it is of course your decision to leave this check disabled or enabled.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## TOTP
|
## TOTP
|
||||||
|
|
|
||||||
Laden …
In neuem Issue referenzieren