I know this is a bit of a bump, but i've been thinking about U2F recently and this is quite an interesting design idea.

For example:
1) Alice provides Webapp with her U2F public key
2) Bob provides Webapp with his U2F public key
3) Webapp constructs a 2-of-2-multisig address using both their public keys.
4) Now Alice and Bob can do business using the webapp. However, the webapp itself never has access to the private keys but only acts as a service provider.

If this design pattern is possible it will make it so much easier to develop single page applications that only provides the contract but doesn't hold any keys. Developers can focus more on the service and be less paranoid about security.

I recently bought a Ledger Nano S which is on it's way, i will try to find out if this works.