Good. The point here is to shrink the space where client attestation is used, not to expand it. Every time it shrinks a little bit more is a victory. Let's get it out of the browser and then we can tackle native attestation for apps next.
> If this gets rejected, would that mean that services that need a "trusted client" simply deprecate their web apps and rely on a iOS/Android app?
This is verbatum the argument that was brought up for EME. But now we have the benefit of looking back at EME and seeing what the impact was. It didn't stop the movement towards native apps, businesses like Netflix implemented EME and kept many of the same restrictions they were going to implement anyway. It did end up harming browser diversity.
I understand that it sounds scary to say "we're just not going to do this" on the web when sites might be pushing a scare tactic of "we're just going to go native then." But... we've been through this, caving doesn't work. The sites that want to go native will go native, WEI on its own will not be a business justification for websites to stay on the web or to leave the web. The sites that do want to go native-only will not suddenly make a website just because WEI exists. They'll do the same stuff they wanted to do anyway, and if WEI is available, they will simply add that to their toolkit as a way to limit user agency alongside everything else they're doing.
It's good if businesses that want to rely on client attestation are "punished" by being forced to abandon their web presence. And frankly, people underestimate how much power the web has. Refusing to support WEI will not kill the web.
Good. The point here is to shrink the space where client attestation is used, not to expand it. Every time it shrinks a little bit more is a victory. Let's get it out of the browser and then we can tackle native attestation for apps next.
> If this gets rejected, would that mean that services that need a "trusted client" simply deprecate their web apps and rely on a iOS/Android app?
This is verbatum the argument that was brought up for EME. But now we have the benefit of looking back at EME and seeing what the impact was. It didn't stop the movement towards native apps, businesses like Netflix implemented EME and kept many of the same restrictions they were going to implement anyway. It did end up harming browser diversity.
I understand that it sounds scary to say "we're just not going to do this" on the web when sites might be pushing a scare tactic of "we're just going to go native then." But... we've been through this, caving doesn't work. The sites that want to go native will go native, WEI on its own will not be a business justification for websites to stay on the web or to leave the web. The sites that do want to go native-only will not suddenly make a website just because WEI exists. They'll do the same stuff they wanted to do anyway, and if WEI is available, they will simply add that to their toolkit as a way to limit user agency alongside everything else they're doing.
It's good if businesses that want to rely on client attestation are "punished" by being forced to abandon their web presence. And frankly, people underestimate how much power the web has. Refusing to support WEI will not kill the web.