Conversation
Added a section on the "2FA" setting (renamed from "Require UV") covering most of what I laid out in syncthing/syncthing#9175 (comment).
Co-authored-by: Simon Frei <[email protected]>
| A credential is a public-private key pair stored either on an external security key, | ||
| or a `platform credential` stored on your computer or phone. | ||
| A credential is a public-private key pair that is stored on an `authenticator`, | ||
| which could be an external security key, a smartphone, or built into your computer. |
| which could be an external security key, a smartphone, or built into your computer. | |
| which could be a smart device (such as a phone, tablet, or watch), a dedicated hardware security key (such as a YubiKey), or built right into your computer. |
"security key" might be too vague to the uninitiated, and aren't they all external?
| We therefore sometimes refer to WebAuthn credentials in Syncthing as "passkeys", | ||
| because they enable most of the same UI flows as passkeys, | ||
| even though they do not consume storage space on external security keys like passkeys usually do. | ||
| even though they do not consume storage space on external security keys like passkeys generally do. |
| even though they do not consume storage space on external security keys like passkeys generally do. | |
| even though they do not consume storage space on hardware security keys like passkeys generally do. |
| but with credentials that do not need to consume storage space. | ||
| A "passkey" is a credential that enables "username-less login", | ||
| which identifies the user automatically without needing them to enter a username first. | ||
| For technical reasons, this is incompatible with a cryptographic trick commonly used by external security keys |
| For technical reasons, this is incompatible with a cryptographic trick commonly used by external security keys | |
| For technical reasons, this is incompatible with a cryptographic trick commonly used by hardware security keys |
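Review bot: "For technical reasons, this is incompatible with a cryptographic trick commonly used by hardware security keys" leaves the reader without the reason; the preceding lines already assert that these credentials "do not consume storage space" on the key, so this sentence should name the mechanism behind that (how the key avoids storing per-credential state) or link a reference, and say in one clause why that mechanism cannot support username-less login. Otherwise the "passkey" definition in the lines above and the storage-space claim read as unconnected assertions.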
| @@ -45,7 +44,8 @@ For example: | |||
| - If the credential is stored on a smartphone, | |||
Should these paragraphs refer to "smart devices, or your PC"? Since it's just an example, probably not.
| For hostnames other than ``localhost`` you will also need an HTTPS certificate your browser considers valid. | ||
| For guidance on how to create or obtain one, see for example | ||
| `OpenSSL Cookbook <https://www.feistyduck.com/library/openssl-cookbook/online/>`_ | ||
| or `Let's Encrypt <https://letsencrypt.org/getting-started/>`_. |
How about adding:
To create locally trusted HTTPS certificates on the command-line see
`mkcert <https://github.com/FiloSottile/mkcert>`_.

For the record, I'd like some time to review this as well before someone merges it. Just waiting for the main PR to settle down a bit.
Documentation for syncthing/syncthing#9175.