[sdfgdfgbsdfg]

Here's how YubiCo proposes to address this: https://www.yubico.com/blog/yubico-proposes-webauthn-protoco... Revocation is done RP side, but it essentially allows a primary authenticator to register itself and the secondary on a given RP