I would counter argue being the person pushing passkeys in an enterprise: noone in the business knows what attestation is, but we're going to do it because the interface recommends it.

▲

jrockway 9 days ago | parent [-]

I'm not sure it's the standards committee's fault that your employer hires people that don't know how to do their job.

I think it's reasonable to have attestation for the corporate use case. If they're buying security devices from a certain vendor, it's reasonable for their server to check that the person pretending to be you at the other end is using one of those devices. It's an extra bit of confidence that you're actually you.

	▲	ori_b 9 days ago \| parent \| next [-]
		It's the standards committees job to design standards that are difficult to misuse.
	▲	raxxorraxor 3 days ago \| parent \| prev [-]
		The most common fault of committees is that they overengineer processes and specs wander out of scope. The result is that users (dev & consumers) either neglect the bad parts or the spec doesn't get used at all.