josephcsible a day ago

That's the "cover story" use case. The real use case is so that passkeys created on Apple devices can only ever move to other Apple devices, and ditto for on Microsoft or Google devices, and the real point of attestation is so that they can force you to use theirs by cryptographically ensuring that you're not using open-source ones like KeePassXC.

Reply View 5 replies
  • skybrian a day ago

    But the whole point of this new standard is to allow passkeys to be portable:

    https://arstechnica.com/security/2025/06/apple-previews-new-...

    Reply View 4 replies
    • AlotOfReading a day ago

      As an example, see this issue opened against keepassxc saying that if they continue allowing plaintext passkey export, they're at risk of being blocked once attestation is standardized:

      https://github.com/keepassxreboot/keepassxc/issues/10407

      The goal here isn't maximizing user choice, it's to enforce minimum agreeable standards by the major vendors. It's up to you whether your personal needs wholly align with what they want to mandate, forever.

      Reply View 1 reply
      • skybrian 11 hours ago

        Yeah, I’m okay with that. It’s also true that not just anyone can become a domain registry either, but we still have choices.

        It’s less convenient, but you can always create a new passkey manually for an account.

        Reply View 0 replies
    • josephcsible a day ago

      If that ends up letting attested passkeys be exported outside of the Microsoft/Apple/Google oligopoly, I'll eat my hat.

      Reply View 1 reply
      • skybrian 11 hours ago

        Who uses attested passkeys? (Serious question.)

        Reply View 0 replies