=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.u2f,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- src/usr.bin/ssh/PROTOCOL.u2f 2019/11/18 04:34:47 1.7 +++ src/usr.bin/ssh/PROTOCOL.u2f 2019/11/19 22:23:19 1.8 @@ -175,15 +175,18 @@ For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1 format data in the pre-authentication attack surface. Therefore, the signature format used on the wire in SSH2_USERAUTH_REQUEST packets will -be reformatted slightly and the ecdsa_signature_blob value has the encoding: +be reformatted to better match the existing signature encoding: - mpint r - mpint s + string "sk-ecdsa-sha2-nistp256@openssh.com" + string ecdsa_signature byte flags uint32 counter -Where 'r' and 's' are extracted by the client or token middleware from the -ecdsa_signature field returned from the hardware. +Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature +encoding: + + mpint r + mpint s For Ed25519 keys the signature is encoded as:
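Review bot: The replacement paragraph beginning 'Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature encoding' drops the removed statement that 'r' and 's' are extracted by the client or token middleware, so the text no longer says which party converts the signature returned from the hardware into the mpint pair. The context paragraph states the goal of keeping ASN.1 parsing out of the server's pre-authentication attack surface, so I would keep one sentence saying the extraction is done on the client side before the value goes on the wire. The name "ecdsa_signature" is also now used for the RFC5656-encoded string, while the removed line used it for the field returned from the hardware. If that earlier use survives elsewhere in the document, a distinct name for the wire field would avoid a reader assuming both have the same encoding. Finally, the outer layout changes from "mpint r / mpint s / byte flags / uint32 counter" to a form with a leading key-type string and a nested string, which an implementation of revision 1.7 would not parse; a short note on that incompatibility would help implementers.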