[drdaeman]

Makes sense. Enterprise shit is, indeed, terrible. However, I didn't mean there is any reason to support every JavaCard out there and existing (enterprise) software - and I suppose this is where it all really starts to smell. On the other hand, they have designed a whole new standard, protocol and devices.

I've edited this for quite long time and finally figured out what I really had in my mind. I'm not disappointed it's a new standard or anything like this. I'm disappointed by the fact that this stuff isn't extensible and nothing new can be build upon this.

Not in a sense that no new software can be added to a token, but when you use U2F you just have a means to prove you know some PSK. And that's it. Would the token hold a keypair and use digital signatures instead, it could bring much more possibilities in the long run. Like sending encrypted emails to the token owners, or building a global identity system where identities are something user possesses, not leases from the "identity providers".