From nobody Thu Sep 5 01:29:34 2024 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WzhcC5Yb4z5WJvb for ; Thu, 05 Sep 2024 01:29:47 +0000 (UTC) (envelope-from chaplintokyo@vivaldi.net) Received: from smtp.vivaldi.net (smtp.vivaldi.net [31.209.137.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4WzhcB6fNQz4V4J for ; Thu, 5 Sep 2024 01:29:46 +0000 (UTC) (envelope-from chaplintokyo@vivaldi.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=vivaldi.net header.s=default header.b=F2VNDOI3; dkim=pass header.d=vivaldi.net header.s=default header.b=YcYUg5th; dmarc=pass (policy=reject) header.from=vivaldi.net; spf=pass (mx1.freebsd.org: domain of chaplintokyo@vivaldi.net designates 31.209.137.12 as permitted sender) smtp.mailfrom=chaplintokyo@vivaldi.net Received: from localhost (localhost [127.0.0.1]) by smtp.vivaldi.net (Postfix) with ESMTP id 1CF82BD3C0 for ; Thu, 5 Sep 2024 01:29:45 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.vivaldi.net 1CF82BD3C0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivaldi.net; s=default; t=1725499785; bh=MFMvqqTuvheAu3mjBX2H4uwr2dZmE6LifCf7avNWUdo=; h=From:To:Subject:Date:In-Reply-To:References:List-Id:List-Post: From; b=F2VNDOI39yrc6UdCz/qplPWboKv/X3m6ZDBsgq0Efwj1j72QGB5JYU8/n8BI8bwJA y/W2q2zWgQEl59rECiqQ+38OuoUYoudx2qsafK4Js6KNMHdffPfS2Uic1JiJmzd3yn Kxb0/5DhdfIpkZ10RLbAzvqp8FRgBpXX0WlhLh3pgdGmX0qtIXshXuP5oRSMvyVbJk 1hQC3k8QjfRfOqfjfl6MoLBQG6LjPsP0xrQfyVC//NglQirGFXm+qkQru/g7Cem3nt t6zkwygRrxV1lLtsVZhIBDKLEQaMFmT7czQ5R02vzzXYUy2CzhRsvlxCXnSXehkZ6J ovvZHBs7rvvfw== X-Virus-Scanned: Debian amavisd-new at smtp.vivaldi.net Received: from smtp.vivaldi.net ([127.0.0.1]) by localhost (mxo.viv.dc01 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uiTdBskvKEds for ; Thu, 5 Sep 2024 01:29:41 +0000 (UTC) Content-Type: multipart/alternative; boundary="----sinikael-?=_1-17254997749430.2092336319932011" DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.vivaldi.net 710F6BD3B1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vivaldi.net; s=default; t=1725499781; bh=MFMvqqTuvheAu3mjBX2H4uwr2dZmE6LifCf7avNWUdo=; h=From:To:Subject:Date:In-Reply-To:References:List-Id:List-Post: From; b=YcYUg5thSDVSOuSu2Fv1dfi9xKvRoNgWNhWFH+XZ2lhx6gl3xPRW6k6JSnK2KGBdo 1qWpKp5gtkKJkbNdy14DyZhj3rXwCIOgFxpMLFHxrAzO0+mQDTqJngpfnWD/+2qNJZ NNnyPuLaVK3s09xWqaUwFzkTXQitayvPUp9QNL9bk/4mADkwHb0U9L6fY5R65rTstA +7kl7NHdA3li/ehJJd/2dWkRwB8uW3rV5Cwm2P9Kf58atSL9bkUvOrbBF88NjYwLHv YxwYMg6jJtYekt4ncrKbCfqueoITLIGukZPx7HKdIxQoywSjzFui0cALirzEPUkJoN MrOyZyzpBwHlg== Message-Id: <1725499586705.347452092.1360397@vivaldi.net> From: Hotaka Korenori To: questions@freebsd.org Subject: Re: FIDO2 security key (YubiKey 5 NFC) and WebAuthn Date: Thu, 05 Sep 2024 01:29:34 +0000 In-Reply-To: <20240904104643.ab27db8cc7abc7068fff98ee@magnetkern.de> References: <20240904104643.ab27db8cc7abc7068fff98ee@magnetkern.de> List-Id: User questions List-Post: User-Agent: Vivaldi Mail/6.9.3447.37 X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.10 / 15.00]; MISSING_MIME_VERSION(2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.997]; DMARC_POLICY_ALLOW(-0.50)[vivaldi.net,reject]; R_DKIM_ALLOW(-0.20)[vivaldi.net:s=default]; R_SPF_ALLOW(-0.20)[+ip4:31.209.137.12]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[31.209.137.12:from]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:51896, ipnet:31.209.136.0/21, country:IS]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[questions@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[questions@freebsd.org]; DKIM_TRACE(0.00)[vivaldi.net:+] X-Rspamd-Queue-Id: 4WzhcB6fNQz4V4J List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org ------sinikael-?=_1-17254997749430.2092336319932011 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, I am a newbie here but having a similar issue with Yubikey 5 NFC on Firefox= on GhostBSD (FreeBSD 14.1 based). I reached out to Yubikey support and = this is the response I got. I haven't yet tried the suggested check re = pcscd but this does seem to be what the folks at Yubikey seem to feel is = the most likely issue. Chaplintokyo Michael (Yubico) Sep 3, 2024, 11:13=E2=80=AFAM PDT Hello, =20 Thank you for contacting Yubico Support! Michale here, sorry to hear about = this issue! =20 I'm afraid GhostBS falls outside our scope of support as it is a linux = distribution. You would need to reach out to them directly. Sorry about = that! =20 I do have one suggestion, however, and that is to be sure that the pcscd = daemon is running; you can use the following command in the terminal if you= are using systemd: sudo systemctl status pcscd =20 =20 I hope this helps! Please let me know if you have any further questions. = Otherwise, have a great day! =20 Kind regards, Michael Customer Support Specialist | Yubico On 2024=E5=B9=B409=E6=9C=8804=E6=97=A5 17=E6=99=8246=E5=88=8643=E7=A7=92 = (+09:00), Jan Behrens wrote: > Hello, > > I have a problem with my FIDO2 security key (which is a YubiKey 5 NFC). > As I'm unsure whether this is an issue of FreeBSD or Firefox, I ask > here. > > Originally, I made a post on the FreeBSD forum, but didn't get a > helpful response regarding this issue yet: > https://forums.freebsd.org/threads/94605/ > > In here, I only want to discuss the WebAuthn issue in Firefox, and not > the potential security issue regarding "pcscd" also mentioned on the > forum. (I made a post to the freebsd-security mailing list in that > matter.) > > The Firefox related problem is as follows: When I go to > https://webauthn.io/ and click on "Authenticate" (this is reproducible > without a hardware token), then Firefox asks me: > > "Touch your security key to continue with webauthn.io." > > If I press cancel and try again, the website will from then on respond > with: > > "The request is not allowed by the user agent or the platform in the > current context, possibly because the user denied permission." > > Similar errors happen on other websites providing WebAuthn login. > > This is until I switch to the text console using CTRL+ALT+F1 and back > to X using CTRL+ALT+F9. Afterwards I can perform WebAuthn registration > or authentication once more using Firefox, but only once. After an > unsuccessful or successful registration or authentication, it won't > work until I switch back to text console and back. > > If I have several Firefox windows with different profiles open, only > the first attempt will be executed, and all other windows will fail > from then on. > > This problem doesn't seem to exist in Chromium. However, I don't > understand why switching to the text console and back to X is a > workaround. This is why I suspect there might be something FreeBSD > related to this problem? > > Can anyone reproduce this behavior of Firefox using FreeBSD? I'm using > package "firefox-130.0_1,2" and FreeBSD 14.1-RELEASE-p3. > > Kind Regards, > Jan Behrens > > --=20 Sent with Vivaldi Mail. Download Vivaldi for free at vivaldi.= com ------sinikael-?=_1-17254997749430.2092336319932011 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Hi,=

I am a newbie here but having a similar issue = with Yubikey 5 NFC on Firefox on GhostBSD (FreeBSD 14.1 based).  I = reached out to Yubikey support and this is the response I got.  I = haven't yet tried the suggested check re pcscd but this does seem to be = what the folks at Yubikey seem to feel is the most likely issue.=

Chaplintokyo

Michael (Yubico)

Sep 3, = 2024, 11:13=E2=80=AFAM PDT

Hello,=
 
Thank you for contacting Yubico Support! Michale here, sorry = to hear about this issue!
 
I'm afraid GhostBS falls outside our= scope of support as it is a linux distribution. You would need to reach = out to them directly. Sorry about that!
 
I do have one = suggestion, however, and that is to be sure that the pcscd daemon is = running; you can use the following command in the terminal if you are using= systemd: sudo= systemctl status pcscd  
 
I hope this helps! = Please let me know if you have any further questions. Otherwise, have a = great day!
 

Kind regards,

Michael
Customer Support = Specialist | Yubico


On 2024=E5=B9=B409=E6=9C=8804=E6=97=A5 = 17=E6=99=8246=E5=88=8643=E7=A7=92 (+09:00), Jan Behrens = wrote:

> Hello,
> =
> I have a problem with my FIDO2 security key (which is a= YubiKey 5 NFC).
> As I'm unsure whether this is an issue = of FreeBSD or Firefox, I ask
> here.
> =
> Originally, I made a post on the FreeBSD forum, but = didn't get a
> helpful response regarding this issue = yet:
> https://forums.freebsd.org/threads/94605/
=
>
> In here, I only want to discuss the WebAuthn = issue in Firefox, and not
> the potential security issue = regarding "pcscd" also mentioned on the
> forum. (I made a= post to the freebsd-security mailing list in that
> = matter.)
>
> The Firefox related problem= is as follows: When I go to
> https://webauthn.io/ and = click on "Authenticate" (this is reproducible
> without a = hardware token), then Firefox asks me:
> =
> "Touch your security key to continue with webauthn.io.= "
>
> If I press cancel and try again, = the website will from then on respond
> = with:
>
> "The request is not allowed by= the user agent or the platform in the
> current context, = possibly because the user denied permission."
> =
> Similar errors happen on other websites providing = WebAuthn login.
>
> This is until I = switch to the text console using CTRL+ALT+F1 and back
> to= X using CTRL+ALT+F9. Afterwards I can perform WebAuthn = registration
> or authentication once more using Firefox, = but only once. After an
> unsuccessful or successful = registration or authentication, it won't
> work until I = switch back to text console and back.
> =
> If I have several Firefox windows with different = profiles open, only
> the first attempt will be executed, = and all other windows will fail
> from then on.=
>
> This problem doesn't seem to exist = in Chromium. However, I don't
> understand why switching = to the text console and back to X is a
> workaround. This = is why I suspect there might be something FreeBSD
> = related to this problem?
>
> Can anyone = reproduce this behavior of Firefox using FreeBSD? I'm = using
> package "firefox-130.0_1,2" and FreeBSD 14.= 1-RELEASE-p3.
>
> Kind Regards,=
> Jan Behrens
>
> =


-- 
Sent with = Vivaldi Mail. Download Vivaldi for free at vivaldi.= com ------sinikael-?=_1-17254997749430.2092336319932011--