[Disclosure: I work for AgileBits, the makers of 1Password]
Jeffrey Goldberg
1305

Unified Diffie-Hellman uses two keypairs, one ephemeral keypair for the session and another keypair for signing. If 1password ‘opted-in’ a browser session and stored the public portion of the signing keypairs in the operating system keychain, then an encrypted plus authenticated session could be established between the browser and the service.