Love the idea! Yes there are challenges (ref: 'Embrace and extend') but there is a very clear value: both for end users (that ultimately drive value) and for paying companies (startups or other) that have have great new products but have to deal with a market in which 'the current generation' of products are used.
From a different angle (that you're probably already considering :-): What about SaaS companies that also want to give customers a smooth way out if they are not satisfied. I can imagine that there is value in having some sort of 'seal' that makes it clear that: yes you can get out of here if our product is not what you want it to be.
Final note: I just hope that we’re not going to end up in a situation where we need to do a “ReCaptcha” again after logging in because some SaaS, x, is wary of scrapes….
I understand from [0] that the attestation key is shared across all instances (SNs) of the same model (PN): "...For example, all YubiKey 4 devices would have the same attestation certificate; or all Samsung Galaxy S8’s would have the same attestation certificate". So you would not need to to buy them at the same time.
But of course, despite this, still a unique key is generated for each identity upon sign up [0]. I am not sure (as in 'have no knowledge of') the entropy for these devices.
A little anecdote/legend from the Philips Research Labs (Nat. Lab.):
When the team demonstrated the first CD they drilled some holes in them, and showed: "Look how robust, they even work when they are this damaged" (paraphrased).
In reality the locations of these holes were chosen very precisely. Not sure if this is true, but this is a story that my colleagues told me in the 90's...
I gave the reporting a try, and I like the flow in the demo (which is for a Public repo); easy to use.
For a private repo, I would probably also want people to be able to leave anonymous replies (to get 'as much feedback as possible'), but that's just my n=1 opinion.
Yep, feedback is valuable. And the earlier the more valuable (it's like NPV...).
I love coding so much, and find it really hard to express ideas in natural language, so that in the end documentation... doesn't happen as much as it should.
What I find that really helps is the following:
1. Write down architecture specs (with interface specs etc), before coding. Not bloated, but really minimalistic.
2. Review these ideas with peers.
3. Happy coding and refine the docs.