If you don't know already the OpenPGP implementation used in the new Yubykeys is no longer[1] open source. Not that it really matters, since you couldn't verify the running code anyway, but this doesn't make me feel I should trust them.

[1]: https://www.techdirt.com/articles/20160515/02094934446/bad-n...