It's not temporary. The whole point of attestation in the passkey spec is to make lock-in permanent.


Could you explain more? For Apple, the web page I found seems to be an enterprise thing:

https://support.apple.com/guide/deployment/passkey-attestati...


That's the "cover story" use case. The real use case is so that passkeys created on Apple devices can only ever move to other Apple devices, and ditto for Microsoft or Google devices, and the real point of attestation is so that they can force you to use theirs by cryptographically ensuring that you're not using open-source ones like KeePassXC.
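Added illustration, not from this thread or from any of the projects mentioned in it: the hook the comment above is pointing at is the AAGUID inside the WebAuthn attestation object, which a relying party can read at registration and compare against a vendor allowlist. The script below is a standard-library-only Python sketch of that server-side step with a minimal CBOR codec; the allowlist, the credential IDs, the RP ID and the COSE key bytes are all constructed for the demo, and the attestation signature and certificate-chain verification a real server must perform before trusting the AAGUID is deliberately left out.

```python
import hashlib

# --- minimal CBOR codec (enough for WebAuthn attestation objects) ---
def _enc_head(major, n):
    if n < 24:
        return bytes([(major << 5) | n])
    if n < 256:
        return bytes([(major << 5) | 24, n])
    if n < 65536:
        return bytes([(major << 5) | 25]) + n.to_bytes(2, "big")
    return bytes([(major << 5) | 26]) + n.to_bytes(4, "big")

def cbor_encode(v):
    if isinstance(v, int):
        return _enc_head(0, v) if v >= 0 else _enc_head(1, -1 - v)
    if isinstance(v, bytes):
        return _enc_head(2, len(v)) + v
    if isinstance(v, str):
        b = v.encode()
        return _enc_head(3, len(b)) + b
    if isinstance(v, list):
        return _enc_head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _enc_head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError("unsupported type %r" % type(v))

def _dec(buf, i):
    major, info = buf[i] >> 5, buf[i] & 31
    i += 1
    if info < 24:
        n = info
    elif info == 24:
        n, i = buf[i], i + 1
    elif info == 25:
        n, i = int.from_bytes(buf[i:i + 2], "big"), i + 2
    elif info == 26:
        n, i = int.from_bytes(buf[i:i + 4], "big"), i + 4
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major == 0:
        return n, i
    if major == 1:
        return -1 - n, i
    if major == 2:
        return bytes(buf[i:i + n]), i + n
    if major == 3:
        return buf[i:i + n].decode(), i + n
    if major == 4:
        items = []
        for _ in range(n):
            v, i = _dec(buf, i)
            items.append(v)
        return items, i
    if major == 5:
        d = {}
        for _ in range(n):
            k, i = _dec(buf, i)
            v, i = _dec(buf, i)
            d[k] = v
        return d, i
    raise ValueError("unsupported CBOR major type %d" % major)

def cbor_decode(buf):
    v, i = _dec(buf, 0)
    if i != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return v

# --- authenticator data: rpIdHash(32) | flags(1) | signCount(4) | [aaguid(16) | credIdLen(2) | credId | COSE key] ---
FLAG_AT = 0x40  # attested credential data present

def parse_auth_data(auth):
    info = {"rp_id_hash": auth[:32], "flags": auth[32],
            "sign_count": int.from_bytes(auth[33:37], "big"), "aaguid": None, "credential_id": None}
    if info["flags"] & FLAG_AT:
        info["aaguid"] = auth[37:53]
        cid_len = int.from_bytes(auth[53:55], "big")
        info["credential_id"] = auth[55:55 + cid_len]
        info["public_key"], _ = _dec(auth, 55 + cid_len)  # COSE_Key map; decoded, not used further here
    return info

# Hypothetical allowlist: a real RP would fill this from the FIDO MDS or its own vendor policy.
ALLOWED_AAGUIDS = {bytes.fromhex("aabbccdd" * 4): "constructed vendor authenticator"}

def evaluate_registration(att_obj_bytes, allowed=ALLOWED_AAGUIDS, require_attestation=True):
    """Return ('accept'|'reject', reason). Signature/chain verification of attStmt is NOT done here."""
    obj = cbor_decode(att_obj_bytes)
    auth = parse_auth_data(obj["authData"])
    if not auth["flags"] & FLAG_AT:
        return "reject", "no attested credential data"
    aaguid = auth["aaguid"]
    if not require_attestation:
        return "accept", "attestation not enforced; aaguid %s" % aaguid.hex()
    if obj["fmt"] == "none":  # 'none' format: the client chose not to reveal which authenticator it is
        return "reject", "authenticator supplied no attestation statement"
    if aaguid not in allowed:
        return "reject", "aaguid %s not on allowlist" % aaguid.hex()
    return "accept", "aaguid %s (%s)" % (aaguid.hex(), allowed[aaguid])

def build_attestation_object(fmt, aaguid, credential_id, att_stmt):
    """Constructed sample registration response; key coordinates are placeholders, not a real key."""
    rp_id_hash = hashlib.sha256(b"example.com").digest()
    flags = 0x01 | 0x04 | FLAG_AT  # UP, UV, AT
    cose_key = {1: 2, 3: -7, -1: 1, -2: b"\x11" * 32, -3: b"\x22" * 32}  # EC2 / ES256 / P-256 shape
    auth_data = (rp_id_hash + bytes([flags]) + (0).to_bytes(4, "big") + aaguid
                 + len(credential_id).to_bytes(2, "big") + credential_id + cbor_encode(cose_key))
    return cbor_encode({"fmt": fmt, "attStmt": att_stmt, "authData": auth_data})

if __name__ == "__main__":
    anon = build_attestation_object("none", b"\x00" * 16, b"\x01" * 16, {})
    vendor = build_attestation_object("packed", bytes.fromhex("aabbccdd" * 4), b"\x02" * 16, {"alg": -7, "sig": b"\x00" * 8})
    for name, blob in (("none-format", anon), ("allowlisted vendor", vendor)):
        print(name, evaluate_registration(blob), evaluate_registration(blob, require_attestation=False))
```

The two policy branches are the whole story: with `require_attestation=False` the RP records the AAGUID (possibly all zeros) and accepts anything, so any authenticator works; once the RP insists on a non-"none" format and an allowlist, only authenticators whose AAGUID (and, in a real deployment, whose attestation certificate chain) it recognises can register.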


But the whole point of this new standard is to allow passkeys to be portable:

https://arstechnica.com/security/2025/06/apple-previews-new-...


As an example, see this issue opened against keepassxc saying that if they continue allowing plaintext passkey export, they're at risk of being blocked once attestation is standardized:

https://github.com/keepassxreboot/keepassxc/issues/10407

The goal here isn't maximizing user choice, it's to enforce minimum agreeable standards by the major vendors. It's up to you whether your personal needs wholly align with what they want to mandate, forever.


Yeah, I’m okay with that. It’s also true that not just anyone can become a domain registry either, but we still have choices.

It’s less convenient, but you can always create a new passkey manually for an account.


If that ends up letting attested passkeys be exported outside of the Microsoft/Apple/Google oligopoly, I'll eat my hat.


Who uses attested passkeys? (Serious question.)



