@rmondello@siracusa Core to the early passkey design docs was the idea that the user can never ever export the private key. This is true across every public private key design system. If users are exporting private keys from specialized key storage hardware, the system has failed.
The only proposal I’ve seen is that a user would be able to enroll multiple tiered keys at the same time, which neither solves the vendor lock-in problem or the usability design.