pseudalopex 5 days ago

The threat you relayed was more serious than the threat you made. But it is a threat when a person with influence suggests they may support a punishment.

The biggest advocates of an open ecosystem say attestation should be removed and no one should adopt Passkeys before. Is this your position now?

The concerns were clear I thought. I would be happy to discuss this publicly.

timmyc123 5 days ago

Attestation is not used in the consumer passkey ecosystem.

pseudalopex 5 days ago

But it could be. Yes?

timmyc123 5 days ago

Not really. The attestation model defined for workforce (enterprise) credential managers/authenticators doesn't really work in practice for consumer credential managers.

pseudalopex 4 days ago

> doesn't really work in practice

Avoid weasel words please. Is it possible in theory to use attestation or any other Passkeys feature ever to prevent a user from using any software they chose with any service they chose?

jesseendahl 4 days ago

In theory any code could be written at any time that does something good or bad. Sure.

But in reality, the people who actually work on these standards within the FIDO alliance do not want a world where every website/service makes arbitrary decisions on which password managers are allowed. That would be a nightmare.

deltoidmaximus 4 days ago

Will be a nightmare. If they really didn't want this they wouldn't have put the tool to do it right in the spec.