[drdaeman]

Uh. U2F feels incredibly limited compared to PKCS#11 I really wonder why it was chosen (and somewhat disappointed by the choice.)

With a smartcard that can hold an key pair, one can both authenticate (sign) and encrypt messages, using a same single key (or multiple keys if wish for multiple identities). With U2F all one can is authenticate, using a distinct securely-stored PSK for each remote party.

[superuser2]

The infrastructure around smartcards is designed for one enterprise to pay another enterprise millions of dollars to roll out Active Directory-based authentication for a Windows domain with hundreds of thousands of users, for a multinational corporation to roll out a payment card, etc.

A single hobbyist maintains an open-source tool that allows applets to be loaded on to GlobalPlatform-compliant cards. It's pretty fragile and requires some trickery and tribal knowledge. You have to hope some forum somwhere has the unlock key to allow applet loading on whatever card you bought. Another single hobbyist maintains a PKCS#11-compatible card applet, PKIApplet. It requires a relatively modern JavaCard version and compatible JavaCards are not always available for individual purchase in the U.S. If you're prepared to really get down and dirty with DIY trickery, you might manage to load PKIApplet onto a JavaCard with GlobalPlatformPro.

Actually using it requires OpenSC, not a shining example of usability or code quality. It requires specific drivers for different cards, each having slightly different personalization procedures. Many of the drivers in it are for cards that can no longer be purchased. PKIApplet appears to have a driver in OpenSC but I haven't gotten an opportunity to test it yet. Much of the tooling you'll find references to in documentation turns out to have expired domains and abandoned SourceForge projects last updated 2002.

The OpenPGP route appears to be a little less sad than the PKCS#11 route, since at least Yubikey maintains a modern OpenPGPApplet.

If your Fortune 100 company's CTO wants to play golf with Gemalto, smart cards are for you. Otherwise, probably not. It makes sense that a modern personal 2FA solution would want to be free of all that legacy.

[drdaeman]

Makes sense. Enterprise shit is, indeed, terrible. However, I didn't mean there is any reason to support every JavaCard out there and existing (enterprise) software - and I suppose this is where it all really starts to smell. On the other hand, they have designed a whole new standard, protocol and devices.

I've edited this for quite long time and finally figured out what I really had in my mind. I'm not disappointed it's a new standard or anything like this. I'm disappointed by the fact that this stuff isn't extensible and nothing new can be build upon this.

Not in a sense that no new software can be added to a token, but when you use U2F you just have a means to prove you know some PSK. And that's it. Would the token hold a keypair and use digital signatures instead, it could bring much more possibilities in the long run. Like sending encrypted emails to the token owners, or building a global identity system where identities are something user possesses, not leases from the "identity providers".