From: djm@openbsd.org <djm@openbsd.org>
Date: Mon, 25 Nov 2019 00:57:51 +0000 (+0000)
Subject: upstream: document the "no-touch-required" certificate extension;
X-Git-Tag: V_8_2_P1~250
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=664deef95a2e770812533439b8bdd3f3c291ae59;p=thirdparty%2Fopenssh-portable.git

upstream: document the "no-touch-required" certificate extension;

ok markus, feedback deraadt

OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d
---

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 48338e671..1fce87006 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -280,6 +280,13 @@ their data fields are:
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
+no-presence-required    empty         Flag indicating that signatures made
+                                      with this certificate need not assert
+                                      user presence. This option only make
+                                      sense for the U2F/FIDO security key
+                                      types that support this feature in
+                                      their signature formats.
+
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
                                       should be permitted. X11 forwarding will
                                       be refused if this option is absent.
@@ -304,4 +311,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $