
It is only for Apple Devices, and all it does is allow them to easily disable attestation and thus (is this device used for auth secure) for a singular TouchID/FaceID.

Instead of with Yubikey where if the attestation key is compromised, and it is blacklisted, they disable every single last device manufactured with said attestation key.



> easily disable attestation

All future attestations. U2F/WebAuthn doesn't actually provide a revocation mechanism.

> Instead of with Yubikey where if the attestation key is compromised, and it is blacklisted, they disable every single last device manufactured with said attestation key.

It is important to note that there is not a "the" attestation key. There are many. "Disabling" one, to the extent that is even possible, disables only the group with that key.



