From 664deef95a2e770812533439b8bdd3f3c291ae59 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 25 Nov 2019 00:57:51 +0000
Subject: upstream: document the "no-touch-required" certificate extension;

ok markus, feedback deraadt

OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d
---
 PROTOCOL.certkeys | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 48338e671..1fce87006 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -280,6 +280,13 @@ their data fields are:
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
+no-presence-required    empty         Flag indicating that signatures made
+                                      with this certificate need not assert
+                                      user presence. This option only make
+                                      sense for the U2F/FIDO security key
+                                      types that support this feature in
+                                      their signature formats.
+
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
                                       should be permitted. X11 forwarding will
                                       be refused if this option is absent.
@@ -304,4 +311,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
-- 
cgit v1.2.3