You are describing passkeys. All of this applies to the passkey scheme.
Actually, a benefit of passkeys is the standardization of client-side cross-device authz operations via caBLE and similar; your secret keys never leave your primary device, but are usable from other devices over a variety of transports.
Except that passkeys also add other things, like attestation, relying parties, and restrictions on how keys are synced, and so on. I don't think anyone disagrees that the basic idea of "we should be using site-specific public/private keypairs for logins" is good.
> All of this applies to the passkey scheme.
It also applies to SSH keys. I never said that passkeys couldn't do everything SSH keys can do. My criticism is that they are more complicated to do the same thing.
This is exactly what not valuing simplicity looks like.
A passkey uses FIDO2, which asks you to sign a challenge. If you use OpenSSH with a security key, it will... use FIDO2. If you use OpenSSH with a private key on your computer, you also sign a challenge, right? So it's not less complicated.
WebAuthn just adds a few things like the relying party and a counter (that nobody seems to use). And the relying party helps preventing phishing, which SSH doesn't do really well in practice (most people don't use SSH certificates and don't check the server fingerprints).
So it's just not true that passkeys are more complicated to do the same thing.