The difference is that without preloading every single vendor certificate (which is not feasible and would exclude more keys), it is not possible to support keys that require a metadata repository to validate.
Clearly, YK4 falls within that category. I've tested this with three different YK5's; the "full" one, the Nano and the USB-C variant.