Hacker News new | past | comments | ask | show | jobs | submit login

Here is another tradeoff. Many PIV smartcards (such as YubiKey 4, if I'm not mistaken) are able to store only a single private key. With U2F (ecdsa-sk), the number of SSH keys is unlimited.

Another tradeoff. Some users may be using a cheap or old token (without PIV support) or a token with a private key slot already used for something else. Now, with a software-only upgrade (on both SSH client and server), they can user their existing token for SSH authentication.




Ah yes, that's a good point. It is not great that you leak your identity by using pubkey (ssh whoami.filippo.io).




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: