@varbin @nono2357 also in your imagined attack the attacked has to be there ready to touch the remote key every time the user needs to, else the game is up.

@varbin @nono2357 webauthn spec doesnt account for device/browser compromise, because you could just steal the users session tokens etc.
i dont fully agree with the reasoning of workgroup about that, but thats the threat model they employ.

@varbin @nono2357 in other words if something accepted your "false" key after attestation, then that sites attestation checking is broken and exploitable.

@varbin @nono2357 the attested credential data is generated inside the key and contains the up/uv/publickey, so you cant forge the acd having a different public key.

@fwaggle @jpm in my neighbourhood the drivers treat it as a "high score zone" for everyone you clip. Terrifying place to ride.

@varbin @nono2357 also no it cant, the attestation includes the public key of the credential being enrolled and some other metadata. You cant just "relay it through" a yubikey and fake it. I can find the attestation code later and show you if you like :)

@varbin @nono2357 Attestation is a proof of where the private key is held, and how user verification is performed. So for something like a yubikey if it attests that its key is in an SE and UV actually does check the pin and touch is enforced. Its just about establishing those properties on first use. Without that, UV is just a "yolo i guess i checked something" signal.
Ultimately its down to threat model and which risks you will allow for your users credentials.

@jpm bike lane? Dont you mean priority car lane?

@nono2357 also its the nonce in each assertion that prevents replays, not anything else. So unless you are suggesting there is a nonce replay here that works, there isnt actually a replay attack, just a new software authenticator that you made.
The issue is software authenticators like a pw manager are doing exactly what you did to work, they cant be attested and nor can they have a consistent signcount. Again fresh nonces are what prevent replays.
So most big players have said for general public, "whatever authenticator is better than a password". For serious orgs, they do attestation and hardware keys only.

@nono2357 Sites cant do signcount=0 assertion because of roaming authenticators.