Remix.run Logo
lxgr 3 hours ago

> The standard includes a hardware attestation path.

Yes, and iOS and Android's Passkey implementation does not support it, since doing so would be lying about a given credential being hardware-backend when it's actually not (due to being cloud-synced and often recoverable via some process).

Attestation is only for hardware authenticators, either dedicated ones like Yubikeys or non-synchronized Android WebAuthN credentials. (iOS only supports them in MDM contexts anymore, I believe.)