verify-required: ssh-keygen manpage ambiguity
Lukas Ribisch
lukas at lxgr.net
Sat Jan 11 02:23:48 AEDT 2025
Hi,
Based on my understanding of the FIDO protocol, user verification is
independently requested during key creation and verification via
server (i.e. relying party in FIDO/WebAuthN terminology) side flags,
i.e. "user verification required" is not a per-key/credential, but
rather a per-operation property.
However, the `ssh-keygen` manpage states that:
> verify-required
> Indicate that this private key should require user verification for each signature.
This seems dangerously misleading in that it seems to imply that this
key creation choice somehow becomes an intrinsic property of a key,
which I believe is not the case. (Achieving this seems theoretically
possible by extending the public key format to include a private key
signature over an options list which could then be validated
server-side, but as far as I've seen in the code, this is currently
not the case – sorry if I missed something.)
As I understand it, the only way to actually enforce user presence
verification would be to specify verify-required in either an
authorized_keys file (on a per-key basis), or globally for a given
server as a PubkeyAuthOptions option.
If that understanding is correct, would it make sense to change the
ssh-keygen man page accordingly?
Best,
Lukas
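As an added illustration (not part of the post above), the following script audits an authorized_keys file from the server-side view the post describes: it lists every FIDO-backed key (sk-* key types) that has no `verify-required` option on its line, unless the server sets `PubkeyAuthOptions verify-required` globally, which the `global_verify_required` flag models. The option parser handles quoted values containing commas and spaces the way the authorized_keys format allows. The sample file contents, key blobs and comments are constructed for this example.

```python
"""Audit an authorized_keys file for sk-* (FIDO) keys without verify-required.

Added example, not code from the openssh-unix-dev post or from OpenSSH.
"""

# Key types OpenSSH uses for FIDO/U2F-backed keys (plain and certificate forms)
SK_KEY_TYPES = {
    "sk-ecdsa-sha2-nistp256@openssh.com",
    "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com",
    "sk-ssh-ed25519-cert-v01@openssh.com",
}


def split_options(text):
    """Split the leading options field of an authorized_keys line.

    Returns (options, rest). Options are comma-separated; a double-quoted
    value may contain commas and spaces, and a backslash escapes the next
    character inside quotes. Parsing stops at the first unquoted whitespace.
    """
    opts, cur, i, in_quote = [], [], 0, False
    while i < len(text):
        c = text[i]
        if in_quote:
            if c == "\\" and i + 1 < len(text):
                cur.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_quote = False
            cur.append(c)
        elif c == '"':
            in_quote = True
            cur.append(c)
        elif c == ",":
            opts.append("".join(cur))
            cur = []
        elif c.isspace():
            break
        else:
            cur.append(c)
        i += 1
    if cur:
        opts.append("".join(cur))
    return opts, text[i:].lstrip()


def parse_line(line):
    """Return (options, keytype, comment) or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    # A line starting with a key type has no options field.
    if first.startswith(("ssh-", "sk-", "ecdsa-")):
        options, rest = [], line
    else:
        options, rest = split_options(line)
    parts = rest.split(None, 2)
    if len(parts) < 2:
        return None
    comment = parts[2] if len(parts) == 3 else ""
    return options, parts[0], comment


def audit(contents, global_verify_required=False):
    """Return (line_no, keytype, comment) for each sk-* key on which sshd
    would not demand user verification. global_verify_required models
    'PubkeyAuthOptions verify-required' in sshd_config."""
    findings = []
    for no, raw in enumerate(contents.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        options, keytype, comment = parsed
        if keytype not in SK_KEY_TYPES:
            continue
        # sshd matches option names case-insensitively
        if global_verify_required or any(o.lower() == "verify-required" for o in options):
            continue
        findings.append((no, keytype, comment))
    return findings


# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample authorized_keys
verify-required sk-ssh-ed25519@openssh.com PLACEHOLDER_BLOB alice-yubikey
sk-ecdsa-sha2-nistp256@openssh.com PLACEHOLDER_BLOB bob-laptop-key
from="10.0.0.0/8,192.168.1.0/24",command="echo hello, world" sk-ssh-ed25519@openssh.com PLACEHOLDER_BLOB carol
ssh-ed25519 PLACEHOLDER_BLOB dave-plain-key
"""

if __name__ == "__main__":
    for no, keytype, comment in audit(SAMPLE):
        print(f"line {no}: {keytype} ({comment}) lacks verify-required")
```

Running it on the sample reports bob's and carol's keys; alice's line carries the option and dave's key is not FIDO-backed, so neither is listed. Passing `global_verify_required=True` reports nothing, matching a server where the option is enforced globally.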