------------------
In addition to the message to be signed, the U2F signature operation
-requires a few additional parameters:
-
- byte control bits (e.g. "user presence required" flag)
- byte[32] SHA256(message)
- byte[32] SHA256(application)
- byte key_handle length
- byte[] key_handle
-
-This signature is signed over a blob that consists of:
+requires the key handle and a few additional parameters. The signature
+is signed over a blob that consists of:
byte[32] SHA256(application)
byte flags (including "user present", extensions present)
byte flags (including "user present")
uint32 counter
- byte[32] ecdsa_signature (in X9.62 format).
+ byte[] ecdsa_signature (in X9.62 format).
For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
format data in the pre-authentication attack surface. Therefore, the
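Review bot: The rewritten sentence "requires the key handle and a few additional parameters" no longer says what those parameters are, because the list it replaces (control bits, SHA256(message), SHA256(application), key_handle length, key_handle) is deleted outright. In the lines shown here the signed blob lists SHA256(application), flags and counter, so after this change nothing in the hunk states that the message hash is an input to the signature or that a "user presence required" control bit exists. Suggest naming the remaining inputs inline, or pointing to the section that defines them. The listing also shows two consecutive "byte flags" entries with different descriptions; please make clear which fields belong to the signed blob and which to the signature returned by the hardware. The change from byte[32] to byte[] for ecdsa_signature looks right, since an X9.62 encoded ECDSA signature is variable length.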