[sebk]

I don't disagree at all. I like that WebAuthn prioritized security and privacy over usability, and they have made improvements in usability later on (like Passkeys or hybrid transport). Bolting on security is undoubtedly worse than bolting on UX. But I also think that it's important that consumers keep actively voicing their needs and preference. I believe we'll have a good solution in this space, but until we do, I'll keep parroting the need every chance I get.

Also please don't get me wrong, I don't want sync fabric establishment to be part of the WebAuthn or CTAP2 spec at all, but I do want a solution that both gives third-party sync fabric developers access to the hardware. It being a standard isn't strictly needed unless we're thinking of cross-fabric compatibility, which I think no one wants. It would certainly help with not messing up the implementation, though, but if that happens it should be something separate from WebAuthn.