From 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e Mon Sep 17 00:00:00 2001
From: "naddy@openbsd.org" <naddy@openbsd.org>
Date: Fri, 20 Dec 2019 20:28:55 +0000
Subject: [PATCH] upstream: SSH U2F keys can now be used as host keys. Fix a
 garden

path sentence. ok markus@

OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
---
 PROTOCOL.u2f | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 066d09951..61b70d6ef 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
 unlimited number of supported keys. This drives the requirement that
 the key handle be supplied for each signature operation. U2F tokens
 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
-standard specified additional key types include one based on Ed25519.
+standard specifies additional key types, including one based on Ed25519.
 
 SSH U2F Key formats
 -------------------
@@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
 	sk-ssh-ed25519@openssh.com
 	sk-ssh-ed25519-cert-v01@openssh.com
 
-These key types are supported only for user authentication with the
-"publickey" method. They are not used for host-based user authentication
-or server host key authentication.
-
 While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
 keys require extra information in the public and private keys, and in
 the signature object itself. As such they cannot be made compatible with