Comment by vel0city

2 days ago

I'm still just trying to fully understand the delination here. Let's walk through two scenarios.

Service A allows a wide variety of authenticators to store your passkey, it doesn't do any checks at all for the requirement. You choose a USB hardware authenticator. We both agree you own the key in this from what I understand.

Service B allows a stricter list of types of authenticators, and does some checks to ensure you're using an authenticator with a least a certain level of security guarantees. Your USB hardware authenticator meets these requirements. Now this key that is stored in the same place on the same hardware using pretty much the same process is now no longer "yours"?

An interesting perspective to me.