by WorldMaker 1140 days ago
You can't export hard TPM keys, so attested keys become recovery bottlenecks in the user experience. Sure, that's a potential moat to prevent people from jumping as easily between walled gardens, but it's also a moat that can accidentally just make your users unhappy if they end up on an unhappy path in your walled garden. People lose devices and need hard recoveries all the time. If they can't get past the moat, they are just as likely to jump to your competitor anyway if they are "starting over".

For what it is worth, Apple has recently stated that they don't see a lot of day-to-day need for hardware-attested keys, and their Passkeys implementation is working to avoid them in most cases in practice, in large part due to that user experience of preferring comfort and recoverability over lock-in.