[jrockway]

I'm not sure it's the standards committee's fault that your employer hires people that don't know how to do their job.

I think it's reasonable to have attestation for the corporate use case. If they're buying security devices from a certain vendor, it's reasonable for their server to check that the person pretending to be you at the other end is using one of those devices. It's an extra bit of confidence that you're actually you.

[ori_b]

It's the standards committees job to design standards that are difficult to misuse.

[raxxorraxor]

The most common fault of committees is that they overengineer processes and specs wander out of scope. The result is that users (dev & consumers) either neglect the bad parts or the spec doesn't get used at all.