From e5ae2c6b32314171b1f24efc0c985c8a96f991cc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 11 Dec 2019 22:19:48 +0000 Subject: add a note about the 'extensions' field in the signed object --- usr.bin/ssh/PROTOCOL.u2f | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'usr.bin') diff --git a/usr.bin/ssh/PROTOCOL.u2f b/usr.bin/ssh/PROTOCOL.u2f index 32bfa20f316..066d0995162 100644 --- a/usr.bin/ssh/PROTOCOL.u2f +++ b/usr.bin/ssh/PROTOCOL.u2f @@ -170,6 +170,10 @@ is signed over a blob that consists of: byte[] extensions byte[32] SHA256(message) +No extensons are yet defined for SSH use. If any are defined in the future, +it will be possible to infer their presence from the contents of the "flags" +value. + The signature returned from U2F hardware takes the following format: byte flags (including "user present") -- cgit v1.2.3