Google has now released their "Titan" keys to the general store (albeit via a waitlist). When they first announced their product, Yubico, their chief competitor, decried the use of Bluetooth:
Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability. BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience.
This aspersion came some time after revelations of a flaw in the Bluetooth stack, namely the Blueborne vulnerability.
However, if U2F relies on Public Key Cryptography, does it matter if someone can see every part of the data exchange? I thought that was part of the point of U2F.
I do not worry about an evil ISP intercepting my HTTPS connections; should I worry about an evil bystander when I use U2F over Bluetooth?
If not, is Yubico concerned about compromise of the U2F device itself, or are they just throwing Fear, Uncertainty, and Doubt (A.K.A. "FUD") at a competitor's product?