dare944 9 days ago

This argument is ridiculous and purposefully inflammatory. The issue at hand is the requirement for client attestation while using passkeys. So in that light, can you describe for us the scenario in which grandma, who is undoubtedly using passkeys on an iPhone or an Android, loses all her money simply because someone, somewhere else is using a passkey without attestation? You can't, because the vendor lock-in created by attestation doesn't meaningfully increase grandma's security. Rather, it exists (outside the enterprise scenario) primarily as an anti-competitive tool to be wielded by the major players.

Passkeys could have been an overall boon to society. But with attestation restricted to a set of corporate-blessed providers it is a Faustian bargain at best.

timmyc123 9 days ago

> The issue at hand is the requirement for client attestation while using passkeys.

There is no attestation in the consumer synced passkey ecosystem. Period.

vdqtp3 8 days ago

Can you say "There will be no attestation in the consumer synced passkey ecosystem. Period."? That seems to be the concern, not what exists today.

timmyc123 8 days ago

Ecosystems are made up of hundreds of thousands of organizations, billions of devices, and billions of users.

How do you expect a single person to be able to make an authoritative statement like that?

anonymars 7 days ago

Well, you said definitively it's not in the...ecosystem, well of course it's not in that ecosystem now, but that's an extremely narrow reading of the question: the concern is it being in the spec that the consumer-facing ecosystem is pushing hard. A consumer-facing ecosystem that has amply demonstrated how much it loves lock-in. "Fool me once...can't get fooled again"
