
altairprime, today at 1:43 AM (1 reply)

> this will effectively ban all open-source implementations

This is the only point where I differ: it will effectively ban most implementations, with no regard for whether they’re open source, closed source, or private. 1Password could be open-sourced tomorrow and continue being an approved implementation, no sweat, because they can be trusted not to disguise and release “export your passkeys as plaintext at rest” functionality — but in today’s market, there are certainly a thousand implementations (whether source or not) that died on the vine, whose sole purpose would have been to circumvent that one restriction, far more than there are implementations that are willing to genuinely try to uphold it.

Glad someone else is fighting for repurposeability — but there is no universal answer for how to balance privacy, freedom, and security. It’s something people have to decide for themselves, and just as my phone has a “highest security, lower convenience” mode for certain scenarios, so too I wish it had a “no security, total modifiability” mode for other scenarios. (Even if that denied me app store access, and I would demand that it wipe pre-existing passkeys from the HSM when I enabled freedom mode, or else it’s just an uncontrolled attack vector!)


Replies

digiown, today at 3:11 AM

It was perhaps not phrased that well. I meant that it would prevent passkeys from being used on user-controlled systems at all, since there wouldn't be a way for a passkey implementation to hide the attestation key from the user if the user can perform arbitrary modifications to the operating system. It will end up exactly like one of these DRM schemes, where you can't watch more than 720p videos on Linux.

Remote attestation in general is a backdoor to software freedom and ownership bestowed on you by free software, in the same way that tivoization is. Tivoization prevents you from running a modified version of the software on the same hardware, while attestation discriminates against you for running a modified version.

I do agree we should have repurposeability, but that's mostly independent of this attestation topic, IMO. I also think the tradeoff between security/privacy and freedom is greatly overblown. There is some, but giving the user an adb root shell or ssh server with key will not significantly decrease security of the user on Android. (It might reduce the security of the apps against the user, but it shouldn't be there in the first place). I'd be fine with not having app store access if it isn't mandatory for daily life, but that's not the case in our world.