Gregory's Server
There was a lot of news the other day about passkeys and portability - https://fidoalliance.org/fido-alliance-publishes-new-specifications-to-promote-user-choice-and-enhanced-ux-for-passkeys/ - that says in part:
"Until now, there has been no standard for the secure movement of credentials, and often the movement of passwords or other credentials has been done in the clear."
This is true, but... there is also still no standard for any of that. The specs are mostly empty placeholders.
https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html
https://fidoalliance.org/specs/cx/cxf-v1.0-wd-20240522.html
Solid Mitch Hedberg energy here.
And, Christ On A Bike, going to press to announce the important developments in your shiny new security protocol, with "Security Considerations: TODO Security" _right there in the text of the spec_ does not fill me with confidence that you are taking this seriously.