I have two questions relating to the U2F proxy.
I don’t see people talking much about it lately. Most of what I see were issues back when it first came out. How is it now? Is it still supported/developed and have some of the problems people were having been fixed/mitigated?
I’m seeing somewhat conflicting instructions in the docs. One of the features in the Introduction page is the proxy. And the proxy page says it’s recommended for security reasons.
BUT the section on installing software in Dom0 (which we have to do to use the proxy) says it’s for advanced users only, that installing specific packages is usually not recommended, and that the best practice is to exercise EXTREME caution when doing this.
So does the U2F proxy count as one of those exceptions or am I deciding which of the two threats is more likely (compromised proxy versus compromised browser and session hijack)? Is it one of those trusted extensions that’s fine to install?
I know the second question is almost self-explanatory, since its specifically recommended. But I want to make sure I’m right about it before I perform an advanced user task that the instructions say multiple times, “make sure you know what you’re doing or risk Dom0.”