On Thu, 2015-02-05 at 17:45 +0100, Nikos Mavrogiannopoulos wrote:
>
> One of the presentations in FOSDEM's security devroom was about U2F. As
> far as I understood U2F is a smart card which provides unique per server
> ECDSA256 keys. Those could be stored in the card or in the PC similarly
> to TPM (i.e., encrypted using a key that depends on the card and the
> site). The protocol includes registration, and is a simple
> challenge-response process. The differences between a PKCS #11 smart
> card and that one are the specified registration protocol as well as its
> driverless nature. The U2F protocol is however limited to the secp256r1 curve
> and cannot be extended beyond it. What do you think of that? Would it make
> sense to support it in openconnect?