upstream: SSH U2F keys can now be used as host keys. Fix a garden

path sentence. ok markus@ OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
author: naddy@openbsd.org <naddy@openbsd.org> 2019-12-20 20:28:55 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-21 13:22:07 +1100
commit: 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e (patch)
tree: dc9ba4c764e701a02dea6ae1726c5c22f28abdda /PROTOCOL.u2f
parent: 68010acbcfe36167b3eece3115f3a502535f80df (diff)
1 files changed, 1 insertions, 5 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 066d09951..61b70d6ef 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
 unlimited number of supported keys. This drives the requirement that
 the key handle be supplied for each signature operation. U2F tokens
 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
-standard specified additional key types include one based on Ed25519.
+standard specifies additional key types, including one based on Ed25519.
 SSH U2F Key formats
 -------------------
@@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
        sk-ssh-ed25519@openssh.com
        sk-ssh-ed25519-cert-v01@openssh.com
-These key types are supported only for user authentication with the
-"publickey" method. They are not used for host-based user authentication
-or server host key authentication.
 While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
 keys require extra information in the public and private keys, and in
 the signature object itself. As such they cannot be made compatible with
author	naddy@openbsd.org <naddy@openbsd.org>	2019-12-20 20:28:55 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-21 13:22:07 +1100
commit	416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e (patch)
tree	dc9ba4c764e701a02dea6ae1726c5c22f28abdda /PROTOCOL.u2f
parent	68010acbcfe36167b3eece3115f3a502535f80df (diff)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 066d09951..61b70d6ef 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f
@@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
37	unlimited number of supported keys. This drives the requirement that	37	unlimited number of supported keys. This drives the requirement that
38	the key handle be supplied for each signature operation. U2F tokens	38	the key handle be supplied for each signature operation. U2F tokens
39	primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2	39	primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
40	standard specified additional key types include one based on Ed25519.	40	standard specifies additional key types, including one based on Ed25519.
41		41
42	SSH U2F Key formats	42	SSH U2F Key formats
43	-------------------	43	-------------------
@@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
49	sk-ssh-ed25519@openssh.com	49	sk-ssh-ed25519@openssh.com
50	sk-ssh-ed25519-cert-v01@openssh.com	50	sk-ssh-ed25519-cert-v01@openssh.com
51		51
52	These key types are supported only for user authentication with the
53	"publickey" method. They are not used for host-based user authentication
54	or server host key authentication.
55
56	While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,	52	While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
57	keys require extra information in the public and private keys, and in	53	keys require extra information in the public and private keys, and in
58	the signature object itself. As such they cannot be made compatible with	54	the signature object itself. As such they cannot be made compatible with