On Fri, 1 Nov 2019 19:36:16 +1100 (AEDT) Damien Miller <djm at mindrot.org> wrote: > Theft or disclosure of the on-disk id_ecdsa_sk private > key alone should yield attackers the ability to authenticate using a > U2F token Just to clarify: I assume that should read "should *not* yield"? (Great stuff, by the way.) Christian