=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.u2f,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- src/usr.bin/ssh/PROTOCOL.u2f 2020/01/25 23:13:09 1.18 +++ src/usr.bin/ssh/PROTOCOL.u2f 2020/01/28 08:01:34 1.19 @@ -141,17 +141,20 @@ choose not to include this information in the public key or save it by default. -Attestation information is very useful however in an organisational -context, where it may be used by a CA as part of certificate -issuance. In this case, exposure to the CA of hardware identity is -desirable. To support this case, OpenSSH optionally allows retaining the -attestation information at the time of key generation. It will take the -following format: +Attestation information is useful for out-of-band key and certificate +registration worksflows, e.g. proving to a CA that a key is backed +by trusted hardware before it will issue a certificate. To support this +case, OpenSSH optionally allows retaining the attestation information +at the time of key generation. It will take the following format: - string "sk-attest-v00" - uint32 version (1 for U2F, 2 for FIDO2 in future) + string "ssh-sk-attest-v00" string attestation certificate string enrollment signature + uint32 reserved flags + string reserved string + +OpenSSH treats the attestation certificate and enrollment signatures as +opaque objects and does no interpretation of them itself. SSH U2F signatures ------------------
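Review bot: the added prose line "+Attestation information is useful for out-of-band key and certificate registration worksflows" carries a typo ("worksflows" should be "workflows"); fix it before this lands, since PROTOCOL.u2f is the normative description other implementations read. Two further points on the same hunk. First, the new `uint32 reserved flags` and `string reserved string` fields have no stated semantics: say what a writer must emit (presumably zero and the empty string) and what a reader does with other values (ignore, or reject the blob), otherwise the "reserved" fields cannot actually be used for future extension without breaking existing parsers; the removed `uint32 version (1 for U2F, 2 for FIDO2 in future)` line was the only place the U2F/FIDO2 distinction was recorded, so note whether that distinction now lives in the flags or is simply dropped. Second, the header string changes from `"sk-attest-v00"` to `"ssh-sk-attest-v00"`, so any attestation blob written by a build carrying the previous revision will no longer match; if that is acceptable because the format is unreleased, a one-line remark to that effect saves readers of the CVS history from wondering. Minor: the closing sentence says "enrollment signatures" while the format lists a single `string enrollment signature`; make the number consistent.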