I'm reading this paper from Yubico on Universal Second Factor and OpenID Connect and see the description about ephemeral keys
I'm confused on when a ephemeral key is used, and under what conditions they are cached.
From the Yubico document.
Page 7:
U2F does have a trust chain similar to the certificate authorities found in traditional PKI, but this is not tied directly to the key pairs issued by the U2F device. Instead, this trust chain is tied the device’s identifier certificates. These device certificates are used alongside the ephemeral keys to identify the device itself (or a batch of devices), allowing knowledgeable RPs to make informed decisions about which device manufacturers they are willing to accept.
Page 9
Why would such caching systems be widely used when they clearly subvert a fundamental aspect of the security components? A system that constantly prompts a user for the same PIN again and again is likely to be ignored or rejected by users annoyed at the constant prompting. The use of a credential cache is often considered a reasonable tradeoff. However, the U2F design avoids having to make this tradeoff decision in the first place by explicitly declaring that the ephemeral keys are used to identify the device alone.