upstream: document the "no-touch-required" certificate extension;

ok markus, feedback deraadt

OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d

1 files changed, 8 insertions, 1 deletions

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 48338e67..1fce8700 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -280,6 +280,13 @@ their data fields are:
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
+no-presence-required    empty         Flag indicating that signatures made
+                                      with this certificate need not assert
+                                      user presence. This option only make
+                                      sense for the U2F/FIDO security key
+                                      types that support this feature in
+                                      their signature formats.
+
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
                                       should be permitted. X11 forwarding will
                                       be refused if this option is absent.
@@ -304,4 +311,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $