this is wrong. you're confusing with app attestation. the other reply to this comment is also wrong.
passkey lack the attestation content because the spec doesn't provide for the case being discussed on another thread... cloud backed up keys.
attestation field, per current spec, must attest the 3rd party own the key and it only lives in a single placed (original intent was harware on client validated by vendor keys there)... now obviously we know apple google backup your keys on their cloud, so they cannot attest anything per current spec.
don't takes that as a instance on privacy. they are rushing changes to the spec.
as soon as they can attest keys that are shared with their clouds they will do.
passkey lack the attestation content because the spec doesn't provide for the case being discussed on another thread... cloud backed up keys.
attestation field, per current spec, must attest the 3rd party own the key and it only lives in a single placed (original intent was harware on client validated by vendor keys there)... now obviously we know apple google backup your keys on their cloud, so they cannot attest anything per current spec.
don't takes that as a instance on privacy. they are rushing changes to the spec.
as soon as they can attest keys that are shared with their clouds they will do.