@whitequark @dalias @glyph The thing I want out of passkeys is completely different from what Catherine wants out of passkeys, which is (I think) different from what Glyph wants! I want SRP. I want authentication without the shared secret (password) having to travel from its trusted home (whereever that is) to the authenticating party, thus hitting peril from lazy/malicious Twitter engineers, malwared Microsoft Windows, etc. Glyph wants anti-fishing. Catherine wants (I think) convenience. (3/4)