by palata 401 days ago
> This seems like a key failure point

Actually it is a feature. The whole point of the Yubikey is that you can't extract the key. Syncing keys would mean extracting them, which would defeat the purpose of the Yubikey.

Now I am not saying that it is a feature you want. That's why there are other kinds of passkeys. My point is that it is not a flaw in Yubikeys, it is by design.


> Actually it is a feature.
There's a critical flaw in PGP actually. If you reply to any PGP encrypted email with "sorry, I couldn't decrypt" you'll, with high likelihood, get the cleartext version of the email soon after.

The joke is quite old and part of what I'm pointing to. Security doesn't work well if it isn't very usable. At least this is a bit better than secure communication, but it isn't as huge of a difference as it might appear.

The biggest boon in security has come from making these tools easy to use. That's from decades of experience in realizing you can't get everyone to be technical.

> There's a critical flaw in PGP actually.

Passkeys use FIDO2, not PGP?