I've been reading lots of explanations of passkeys but they all either contradict each other or go unbelievably vague on fundamental points, for example saying that an authenticator "communicates" a key to a website without elaborating on how the communication occurs. I think what happened here was at some point during standardization "Passkey"/FIDO/WebAuthn wound up becoming an umbrella containing several fundamentally different kinds of system