> passkey are designed in a ways that the attestation party is visible
Are you talking about the relying party? I don't think it works the way you describe...
> passkey are designed in a ways that the attestation party is visible
Are you talking about the relying party? I don't think it works the way you describe...
I believe they mean that relying parties can use attestation to verify that the client implementation is one they choose to support.
The thing is, it's already the case today, without passkeys. Banks routinely force you to use their own app to login, for instance. And for those that allow you to choose your own password, I'm pretty sure they force you to use some other factor of their own. And it actually does make sense for services that do need the security.
The fight should be "now that we have good third-party authentication thanks to passkey, you should allow us to use those that are secure enough". Not "we don't want that new technology that is superior in many situations because services could force us to use it the way they want, exactly like they already do without this technology".
"Now that I can login using my Yubikey, please don't force me to use your MFA apps because they are provably not superior to my Yubikey".