> do we do client attestation in a browser or pretend remote attestation doesn't exist
Neither. The issue is that this is being framed as a "client attestation" problem, when the actual problem that needs to be solved (as opposed to a "problem" that certain companies would like to "solve" to benefit themselves at users' expense) is a user attestation problem.
My bank has no reason to care what client I am using to access their online services. They do have a reason to care about correctly identifying who I am. But there are already ways to do that that are just as good as anything WEI will provide.
Companies that do care what client I am using don't care for my benefit. They care for their benefit. But as long as they can't get the law to tilt the playing field in their favor, I can just refuse to use their services if they refuse to accept my client. As soon as "client attestation" becomes a legal requirement, though, then it's not just those particular companies that will use it; everybody will have to, including my bank, even though my bank has no reason to do so other than the law if such a law passes.
Neither. The issue is that this is being framed as a "client attestation" problem, when the actual problem that needs to be solved (as opposed to a "problem" that certain companies would like to "solve" to benefit themselves at users' expense) is a user attestation problem.
My bank has no reason to care what client I am using to access their online services. They do have a reason to care about correctly identifying who I am. But there are already ways to do that that are just as good as anything WEI will provide.
Companies that do care what client I am using don't care for my benefit. They care for their benefit. But as long as they can't get the law to tilt the playing field in their favor, I can just refuse to use their services if they refuse to accept my client. As soon as "client attestation" becomes a legal requirement, though, then it's not just those particular companies that will use it; everybody will have to, including my bank, even though my bank has no reason to do so other than the law if such a law passes.