I have commented further down, and I really think that, from a broader perspective, there is a great chance that there will be strong positive effects for consumers. I agree that there is a threat with attestation being used to lock out certain implementations. On the other hand, the technical details do not allow that because the IDs can be changed easily. Also, there is no attestation enforced for passkeys, and that should stay that way. But I agree with one concern: If Apple or Google wanted to achieve such things, they could, just because of their market dominance in browsers. However, I just do not see how that would make sense for them from an economic perspective.
I have commented further down, and I really think that, from a broader perspective, there is a great chance that there will be strong positive effects for consumers. I agree that there is a threat with attestation being used to lock out certain implementations. On the other hand, the technical details do not allow that because the IDs can be changed easily. Also, there is no attestation enforced for passkeys, and that should stay that way. But I agree with one concern: If Apple or Google wanted to achieve such things, they could, just because of their market dominance in browsers. However, I just do not see how that would make sense for them from an economic perspective.