
Introducing the Qubes U2F Proxy - andrewdavidwong
https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/
======
Boulth
> Since the U2F model assumes that the browser is trustworthy, any browser in
> the OS is able to access any key stored on the U2F token. The user has no
> way to know which keys have been accessed by which browsers for which
> services.

Note that this should be treated as a "mental shortcut" as keys are never
directly exposed to browsers or any other devices in U2F. It would be more
precise to say that the browser can ask U2F device to sign any request with
any key.

Of course internally the key storage can be optimized. For example Yubikey and
Feitan (Google Titan Key) generates private P-256 keys on demand by HMACing a
burned secret. That's how they can provide "unlimited storage".

Details here:
[https://developers.yubico.com/U2F/Protocol_details/Key_gener...](https://developers.yubico.com/U2F/Protocol_details/Key_generation.html)

------
wpdev_63
Once again as a reminder - just because your computer is running qubes os
doesn't mean it's secure from the 3 letter agencies. If they compromised the
underlying hardware then whatever you run on top of it is compromised(e.g.
qube os etc).

